Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
malware.exe

Overview

General Information

Sample Name:malware.exe
Analysis ID:868123
MD5:7eac8aef6533d6b87e1d0004005430e4
SHA1:addf21b4bacf3c2e0eb001fb3e2be2d462da87bc
SHA256:ccc63f897d97e61dcb616f0e28ab43a995b466506e6de3c9c153386f492259ab
Infos:

Detection

Conti, Royal
Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected Conti ransomware
Multi AV Scanner detection for submitted file
Yara detected Royal Ransomware
Found ransom note / readme
Writes many files with high entropy
Connects to many different private IPs (likely to spread or exploit)
Writes a notice file (html or txt) to demand a ransom
Connects to many different private IPs via SMB (likely to spread or exploit)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Stores files to the Windows start menu directory
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64_ra
  • cmd.exe (PID: 6160 cmdline: "C:\Windows\system32\cmd.exe" MD5: 9D59442313565C2E0860B88BF32B2277)
    • conhost.exe (PID: 6620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
    • malware.exe (PID: 3896 cmdline: malware.exe -id 12345678901234567890123456789012 MD5: 7EAC8AEF6533D6B87E1D0004005430E4)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Conti, Conti LockConti is an extremely damaging ransomware due to the speed with which it encrypts data and spreads to other systems. It was first observed in 2020 and it is thought to be led by a Russia-based cybercrime group that goes under the Wizard Spider pseudonym. In early May 2022, the US government announced a reward of up to $10 million for information on the Conti ransomware gang.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.conti
NameDescriptionAttributionBlogpost URLsLink
8.t Dropper, Royal_unix, RoyalRoyalRoad8T_Dropper has been used by Chinese threat actor TA428 in order to install Cotx RAT onto victim's machines during Operation LagTime IT. According to Proofpoint the attack was developed against a number of government agencies in East Asia overseeing government information technology, domestic affairs, foreign affairs, economic development, and political processes. The dropper was delivered through an RTF document exploiting CVE-2018-0798.
  • Hellsing
  • Ice Fog
  • Pirate Panda
  • RANCOR
  • TA428
  • Tick
  • Tonto Team
  • Karma Panda
https://malpedia.caad.fkie.fraunhofer.de/details/win.8t_dropper

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
malware.exeMAL_EXE_RoyalRansomwareDetection for Royal Ransomware seen Dec 2022Silas Cutler, modfied by Florian Roth
  • 0x20a1b8:$x_ext: .royal_
  • 0x209156:$s_readme: README.TXT
  • 0x20a1cc:$s_readme: README.TXT
  • 0x208ba3:$x_ransom_msg01: If you are reading this, it means that your system were hit by Royal ransomware.
  • 0x2090d9:$x_ransom_msg02: Try Royal today and enter the new era of data security!
  • 0x208c10:$x_onion_site: http://royal2xthig3ou5hd7zsliqagy6yygk2cdelaxtni2fyad6dpmpxedid.onion/
malware.exeJoeSecurity_Conti_ransomwareYara detected Conti ransomwareJoe Security
    malware.exeJoeSecurity_RoyalRansomwareYara detected Royal RansomwareJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      0000000F.00000000.1780567176.0000000000951000.00000002.00000001.01000000.00000005.sdmpJoeSecurity_Conti_ransomwareYara detected Conti ransomwareJoe Security
        0000000F.00000000.1780567176.0000000000951000.00000002.00000001.01000000.00000005.sdmpJoeSecurity_RoyalRansomwareYara detected Royal RansomwareJoe Security

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          No Snort rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: malware.exeReversingLabs: Detection: 62%
          Source: malware.exeVirustotal: Detection: 72%Perma Link

          Exploits

          barindex
          Connects to many different private IPs (likely to spread or exploit)
          Source: global trafficTCP traffic: 192.168.2.148:445
          Source: global trafficTCP traffic: 192.168.2.149:445
          Source: global trafficTCP traffic: 192.168.2.146:445
          Source: global trafficTCP traffic: 192.168.2.147:445
          Source: global trafficTCP traffic: 192.168.2.140:445
          Source: global trafficTCP traffic: 192.168.2.141:445
          Source: global trafficTCP traffic: 192.168.2.144:445
          Source: global trafficTCP traffic: 192.168.2.145:445
          Source: global trafficTCP traffic: 192.168.2.142:445
          Source: global trafficTCP traffic: 192.168.2.143:445
          Source: global trafficTCP traffic: 192.168.2.159:445
          Source: global trafficTCP traffic: 192.168.2.157:445
          Source: global trafficTCP traffic: 192.168.2.158:445
          Source: global trafficTCP traffic: 192.168.2.151:445
          Source: global trafficTCP traffic: 192.168.2.152:445
          Source: global trafficTCP traffic: 192.168.2.150:445
          Source: global trafficTCP traffic: 192.168.2.155:445
          Source: global trafficTCP traffic: 192.168.2.156:445
          Source: global trafficTCP traffic: 192.168.2.153:445
          Source: global trafficTCP traffic: 192.168.2.154:445
          Source: global trafficTCP traffic: 192.168.2.126:445
          Source: global trafficTCP traffic: 192.168.2.247:445
          Source: global trafficTCP traffic: 192.168.2.127:445
          Source: global trafficTCP traffic: 192.168.2.248:445
          Source: global trafficTCP traffic: 192.168.2.124:445
          Source: global trafficTCP traffic: 192.168.2.245:445
          Source: global trafficTCP traffic: 192.168.2.125:445
          Source: global trafficTCP traffic: 192.168.2.246:445
          Source: global trafficTCP traffic: 192.168.2.128:445
          Source: global trafficTCP traffic: 192.168.2.249:445
          Source: global trafficTCP traffic: 192.168.2.129:445
          Source: global trafficTCP traffic: 192.168.2.240:445
          Source: global trafficTCP traffic: 192.168.2.122:445
          Source: global trafficTCP traffic: 192.168.2.243:445
          Source: global trafficTCP traffic: 192.168.2.123:445
          Source: global trafficTCP traffic: 192.168.2.244:445
          Source: global trafficTCP traffic: 192.168.2.120:445
          Source: global trafficTCP traffic: 192.168.2.241:445
          Source: global trafficTCP traffic: 192.168.2.121:445
          Source: global trafficTCP traffic: 192.168.2.242:445
          Source: global trafficTCP traffic: 192.168.2.97:445
          Source: global trafficTCP traffic: 192.168.2.137:445
          Source: global trafficTCP traffic: 192.168.2.96:445
          Source: global trafficTCP traffic: 192.168.2.138:445
          Source: global trafficTCP traffic: 192.168.2.99:445
          Source: global trafficTCP traffic: 192.168.2.135:445
          Source: global trafficTCP traffic: 192.168.2.98:445
          Source: global trafficTCP traffic: 192.168.2.136:445
          Source: global trafficTCP traffic: 192.168.2.139:445
          Source: global trafficTCP traffic: 192.168.2.250:445
          Source: global trafficTCP traffic: 192.168.2.130:445
          Source: global trafficTCP traffic: 192.168.2.251:445
          Source: global trafficTCP traffic: 192.168.2.91:445
          Source: global trafficTCP traffic: 192.168.2.90:445
          Source: global trafficTCP traffic: 192.168.2.93:445
          Source: global trafficTCP traffic: 192.168.2.133:445
          Source: global trafficTCP traffic: 192.168.2.254:445
          Source: global trafficTCP traffic: 192.168.2.92:445
          Source: global trafficTCP traffic: 192.168.2.134:445
          Source: global trafficTCP traffic: 192.168.2.255:445
          Source: global trafficTCP traffic: 192.168.2.95:445
          Source: global trafficTCP traffic: 192.168.2.131:445
          Source: global trafficTCP traffic: 192.168.2.252:445
          Source: global trafficTCP traffic: 192.168.2.94:445
          Source: global trafficTCP traffic: 192.168.2.132:445
          Source: global trafficTCP traffic: 192.168.2.253:445
          Source: global trafficTCP traffic: 192.168.2.104:445
          Source: global trafficTCP traffic: 192.168.2.225:445
          Source: global trafficTCP traffic: 192.168.2.105:445
          Source: global trafficTCP traffic: 192.168.2.226:445
          Source: global trafficTCP traffic: 192.168.2.102:445
          Source: global trafficTCP traffic: 192.168.2.223:445
          Source: global trafficTCP traffic: 192.168.2.103:445
          Source: global trafficTCP traffic: 192.168.2.224:445
          Source: global trafficTCP traffic: 192.168.2.108:445
          Source: global trafficTCP traffic: 192.168.2.229:445
          Source: global trafficTCP traffic: 192.168.2.109:445
          Source: global trafficTCP traffic: 192.168.2.106:445
          Source: global trafficTCP traffic: 192.168.2.227:445
          Source: global trafficTCP traffic: 192.168.2.107:445
          Source: global trafficTCP traffic: 192.168.2.228:445
          Source: global trafficTCP traffic: 192.168.2.100:445
          Source: global trafficTCP traffic: 192.168.2.221:445
          Source: global trafficTCP traffic: 192.168.2.101:445
          Source: global trafficTCP traffic: 192.168.2.222:445
          Source: global trafficTCP traffic: 192.168.2.220:445
          Source: global trafficTCP traffic: 192.168.2.115:445
          Source: global trafficTCP traffic: 192.168.2.236:445
          Source: global trafficTCP traffic: 192.168.2.116:445
          Source: global trafficTCP traffic: 192.168.2.237:445
          Source: global trafficTCP traffic: 192.168.2.113:445
          Source: global trafficTCP traffic: 192.168.2.234:445
          Source: global trafficTCP traffic: 192.168.2.114:445
          Source: global trafficTCP traffic: 192.168.2.235:445
          Source: global trafficTCP traffic: 192.168.2.119:445
          Source: global trafficTCP traffic: 192.168.2.117:445
          Source: global trafficTCP traffic: 192.168.2.238:445
          Source: global trafficTCP traffic: 192.168.2.118:445
          Source: global trafficTCP traffic: 192.168.2.239:445
          Source: global trafficTCP traffic: 192.168.2.111:445
          Source: global trafficTCP traffic: 192.168.2.232:445
          Source: global trafficTCP traffic: 192.168.2.112:445
          Source: global trafficTCP traffic: 192.168.2.233:445
          Source: global trafficTCP traffic: 192.168.2.230:445
          Source: global trafficTCP traffic: 192.168.2.110:445
          Source: global trafficTCP traffic: 192.168.2.231:445
          Source: global trafficTCP traffic: 192.168.2.203:445
          Source: global trafficTCP traffic: 192.168.2.204:445
          Source: global trafficTCP traffic: 192.168.2.201:445
          Source: global trafficTCP traffic: 192.168.2.202:445
          Source: global trafficTCP traffic: 192.168.2.207:445
          Source: global trafficTCP traffic: 192.168.2.208:445
          Source: global trafficTCP traffic: 192.168.2.205:445
          Source: global trafficTCP traffic: 192.168.2.206:445
          Source: global trafficTCP traffic: 192.168.2.200:445
          Source: global trafficTCP traffic: 192.168.2.209:445
          Source: global trafficTCP traffic: 192.168.2.214:445
          Source: global trafficTCP traffic: 192.168.2.215:445
          Source: global trafficTCP traffic: 192.168.2.212:445
          Source: global trafficTCP traffic: 192.168.2.213:445
          Source: global trafficTCP traffic: 192.168.2.218:445
          Source: global trafficTCP traffic: 192.168.2.219:445
          Source: global trafficTCP traffic: 192.168.2.216:445
          Source: global trafficTCP traffic: 192.168.2.217:445
          Source: global trafficTCP traffic: 192.168.2.210:445
          Source: global trafficTCP traffic: 192.168.2.211:445
          Source: global trafficTCP traffic: 192.168.2.39:445
          Source: global trafficTCP traffic: 192.168.2.38:445
          Source: global trafficTCP traffic: 192.168.2.42:445
          Source: global trafficTCP traffic: 192.168.2.41:445
          Source: global trafficTCP traffic: 192.168.2.44:445
          Source: global trafficTCP traffic: 192.168.2.43:445
          Source: global trafficTCP traffic: 192.168.2.46:445
          Source: global trafficTCP traffic: 192.168.2.45:445
          Source: global trafficTCP traffic: 192.168.2.48:445
          Source: global trafficTCP traffic: 192.168.2.47:445
          Source: global trafficTCP traffic: 192.168.2.40:445
          Source: global trafficTCP traffic: 192.168.2.28:445
          Source: global trafficTCP traffic: 192.168.2.27:445
          Source: global trafficTCP traffic: 192.168.2.29:445
          Source: global trafficTCP traffic: 192.168.2.31:445
          Source: global trafficTCP traffic: 192.168.2.30:445
          Source: global trafficTCP traffic: 192.168.2.33:445
          Source: global trafficTCP traffic: 192.168.2.32:445
          Source: global trafficTCP traffic: 192.168.2.35:445
          Source: global trafficTCP traffic: 192.168.2.34:445
          Source: global trafficTCP traffic: 192.168.2.37:445
          Source: global trafficTCP traffic: 192.168.2.36:445
          Source: global trafficTCP traffic: 192.168.2.17:445
          Source: global trafficTCP traffic: 192.168.2.16:445
          Source: global trafficTCP traffic: 192.168.2.19:445
          Source: global trafficTCP traffic: 192.168.2.18:445
          Source: global trafficTCP traffic: 192.168.2.20:445
          Source: global trafficTCP traffic: 192.168.2.22:445
          Source: global trafficTCP traffic: 192.168.2.21:445
          Source: global trafficTCP traffic: 192.168.2.24:445
          Source: global trafficTCP traffic: 192.168.2.23:445
          Source: global trafficTCP traffic: 192.168.2.26:445
          Source: global trafficTCP traffic: 192.168.2.25:445
          Source: global trafficTCP traffic: 192.168.2.11:445
          Source: global trafficTCP traffic: 192.168.2.10:445
          Source: global trafficTCP traffic: 192.168.2.13:445
          Source: global trafficTCP traffic: 192.168.2.12:445
          Source: global trafficTCP traffic: 192.168.2.15:445
          Source: global trafficTCP traffic: 192.168.2.14:445
          Source: global trafficTCP traffic: 192.168.2.0:445
          Source: global trafficTCP traffic: 192.168.2.2:445
          Source: global trafficTCP traffic: 192.168.2.1:445
          Source: global trafficTCP traffic: 192.168.2.180:445
          Source: global trafficTCP traffic: 192.168.2.181:445
          Source: global trafficTCP traffic: 192.168.2.8:445
          Source: global trafficTCP traffic: 192.168.2.7:445
          Source: global trafficTCP traffic: 192.168.2.9:445
          Source: global trafficTCP traffic: 192.168.2.4:445
          Source: global trafficTCP traffic: 192.168.2.6:445
          Source: global trafficTCP traffic: 192.168.2.5:445
          Source: global trafficTCP traffic: 192.168.2.86:445
          Source: global trafficTCP traffic: 192.168.2.85:445
          Source: global trafficTCP traffic: 192.168.2.88:445
          Source: global trafficTCP traffic: 192.168.2.87:445
          Source: global trafficTCP traffic: 192.168.2.89:445
          Source: global trafficTCP traffic: 192.168.2.184:445
          Source: global trafficTCP traffic: 192.168.2.185:445
          Source: global trafficTCP traffic: 192.168.2.80:445
          Source: global trafficTCP traffic: 192.168.2.182:445
          Source: global trafficTCP traffic: 192.168.2.183:445
          Source: global trafficTCP traffic: 192.168.2.82:445
          Source: global trafficTCP traffic: 192.168.2.188:445
          Source: global trafficTCP traffic: 192.168.2.81:445
          Source: global trafficTCP traffic: 192.168.2.189:445
          Source: global trafficTCP traffic: 192.168.2.84:445
          Source: global trafficTCP traffic: 192.168.2.186:445
          Source: global trafficTCP traffic: 192.168.2.83:445
          Source: global trafficTCP traffic: 192.168.2.187:445
          Source: global trafficTCP traffic: 192.168.2.191:445
          Source: global trafficTCP traffic: 192.168.2.192:445
          Source: global trafficTCP traffic: 192.168.2.190:445
          Source: global trafficTCP traffic: 192.168.2.75:445
          Source: global trafficTCP traffic: 192.168.2.74:445
          Source: global trafficTCP traffic: 192.168.2.77:445
          Source: global trafficTCP traffic: 192.168.2.76:445
          Source: global trafficTCP traffic: 192.168.2.79:445
          Source: global trafficTCP traffic: 192.168.2.78:445
          Source: global trafficTCP traffic: 192.168.2.195:445
          Source: global trafficTCP traffic: 192.168.2.196:445
          Source: global trafficTCP traffic: 192.168.2.193:445
          Source: global trafficTCP traffic: 192.168.2.194:445
          Source: global trafficTCP traffic: 192.168.2.71:445
          Source: global trafficTCP traffic: 192.168.2.199:445
          Source: global trafficTCP traffic: 192.168.2.70:445
          Source: global trafficTCP traffic: 192.168.2.73:445
          Source: global trafficTCP traffic: 192.168.2.197:445
          Source: global trafficTCP traffic: 192.168.2.72:445
          Source: global trafficTCP traffic: 192.168.2.198:445
          Source: global trafficTCP traffic: 192.168.2.64:445
          Source: global trafficTCP traffic: 192.168.2.63:445
          Source: global trafficTCP traffic: 192.168.2.66:445
          Source: global trafficTCP traffic: 192.168.2.168:445
          Source: global trafficTCP traffic: 192.168.2.65:445
          Source: global trafficTCP traffic: 192.168.2.169:445
          Source: global trafficTCP traffic: 192.168.2.68:445
          Source: global trafficTCP traffic: 192.168.2.67:445
          Source: global trafficTCP traffic: 192.168.2.69:445
          Source: global trafficTCP traffic: 192.168.2.162:445
          Source: global trafficTCP traffic: 192.168.2.163:445
          Source: global trafficTCP traffic: 192.168.2.160:445
          Source: global trafficTCP traffic: 192.168.2.161:445
          Source: global trafficTCP traffic: 192.168.2.60:445
          Source: global trafficTCP traffic: 192.168.2.166:445
          Source: global trafficTCP traffic: 192.168.2.167:445
          Source: global trafficTCP traffic: 192.168.2.62:445
          Source: global trafficTCP traffic: 192.168.2.164:445
          Source: global trafficTCP traffic: 192.168.2.61:445
          Source: global trafficTCP traffic: 192.168.2.165:445
          Source: global trafficTCP traffic: 192.168.2.170:445
          Source: global trafficTCP traffic: 192.168.2.49:445
          Source: global trafficTCP traffic: 192.168.2.53:445
          Source: global trafficTCP traffic: 192.168.2.52:445
          Source: global trafficTCP traffic: 192.168.2.55:445
          Source: global trafficTCP traffic: 192.168.2.179:445
          Source: global trafficTCP traffic: 192.168.2.54:445
          Source: global trafficTCP traffic: 192.168.2.57:445
          Source: global trafficTCP traffic: 192.168.2.56:445
          Source: global trafficTCP traffic: 192.168.2.59:445
          Source: global trafficTCP traffic: 192.168.2.58:445
          Source: global trafficTCP traffic: 192.168.2.173:445
          Source: global trafficTCP traffic: 192.168.2.174:445
          Source: global trafficTCP traffic: 192.168.2.171:445
          Source: global trafficTCP traffic: 192.168.2.172:445
          Source: global trafficTCP traffic: 192.168.2.177:445
          Source: global trafficTCP traffic: 192.168.2.178:445
          Source: global trafficTCP traffic: 192.168.2.51:445
          Source: global trafficTCP traffic: 192.168.2.175:445
          Source: global trafficTCP traffic: 192.168.2.50:445
          Source: global trafficTCP traffic: 192.168.2.176:445
          Connects to many different private IPs via SMB (likely to spread or exploit)
          Source: global trafficTCP traffic: 192.168.2.148:445
          Source: global trafficTCP traffic: 192.168.2.149:445
          Source: global trafficTCP traffic: 192.168.2.146:445
          Source: global trafficTCP traffic: 192.168.2.147:445
          Source: global trafficTCP traffic: 192.168.2.140:445
          Source: global trafficTCP traffic: 192.168.2.141:445
          Source: global trafficTCP traffic: 192.168.2.144:445
          Source: global trafficTCP traffic: 192.168.2.145:445
          Source: global trafficTCP traffic: 192.168.2.142:445
          Source: global trafficTCP traffic: 192.168.2.143:445
          Source: global trafficTCP traffic: 192.168.2.159:445
          Source: global trafficTCP traffic: 192.168.2.157:445
          Source: global trafficTCP traffic: 192.168.2.158:445
          Source: global trafficTCP traffic: 192.168.2.151:445
          Source: global trafficTCP traffic: 192.168.2.152:445
          Source: global trafficTCP traffic: 192.168.2.150:445
          Source: global trafficTCP traffic: 192.168.2.155:445
          Source: global trafficTCP traffic: 192.168.2.156:445
          Source: global trafficTCP traffic: 192.168.2.153:445
          Source: global trafficTCP traffic: 192.168.2.154:445
          Source: global trafficTCP traffic: 192.168.2.126:445
          Source: global trafficTCP traffic: 192.168.2.247:445
          Source: global trafficTCP traffic: 192.168.2.127:445
          Source: global trafficTCP traffic: 192.168.2.248:445
          Source: global trafficTCP traffic: 192.168.2.124:445
          Source: global trafficTCP traffic: 192.168.2.245:445
          Source: global trafficTCP traffic: 192.168.2.125:445
          Source: global trafficTCP traffic: 192.168.2.246:445
          Source: global trafficTCP traffic: 192.168.2.128:445
          Source: global trafficTCP traffic: 192.168.2.249:445
          Source: global trafficTCP traffic: 192.168.2.129:445
          Source: global trafficTCP traffic: 192.168.2.240:445
          Source: global trafficTCP traffic: 192.168.2.122:445
          Source: global trafficTCP traffic: 192.168.2.243:445
          Source: global trafficTCP traffic: 192.168.2.123:445
          Source: global trafficTCP traffic: 192.168.2.244:445
          Source: global trafficTCP traffic: 192.168.2.120:445
          Source: global trafficTCP traffic: 192.168.2.241:445
          Source: global trafficTCP traffic: 192.168.2.121:445
          Source: global trafficTCP traffic: 192.168.2.242:445
          Source: global trafficTCP traffic: 192.168.2.97:445
          Source: global trafficTCP traffic: 192.168.2.137:445
          Source: global trafficTCP traffic: 192.168.2.96:445
          Source: global trafficTCP traffic: 192.168.2.138:445
          Source: global trafficTCP traffic: 192.168.2.99:445
          Source: global trafficTCP traffic: 192.168.2.135:445
          Source: global trafficTCP traffic: 192.168.2.98:445
          Source: global trafficTCP traffic: 192.168.2.136:445
          Source: global trafficTCP traffic: 192.168.2.139:445
          Source: global trafficTCP traffic: 192.168.2.250:445
          Source: global trafficTCP traffic: 192.168.2.130:445
          Source: global trafficTCP traffic: 192.168.2.251:445
          Source: global trafficTCP traffic: 192.168.2.91:445
          Source: global trafficTCP traffic: 192.168.2.90:445
          Source: global trafficTCP traffic: 192.168.2.93:445
          Source: global trafficTCP traffic: 192.168.2.133:445
          Source: global trafficTCP traffic: 192.168.2.254:445
          Source: global trafficTCP traffic: 192.168.2.92:445
          Source: global trafficTCP traffic: 192.168.2.134:445
          Source: global trafficTCP traffic: 192.168.2.255:445
          Source: global trafficTCP traffic: 192.168.2.95:445
          Source: global trafficTCP traffic: 192.168.2.131:445
          Source: global trafficTCP traffic: 192.168.2.252:445
          Source: global trafficTCP traffic: 192.168.2.94:445
          Source: global trafficTCP traffic: 192.168.2.132:445
          Source: global trafficTCP traffic: 192.168.2.253:445
          Source: global trafficTCP traffic: 192.168.2.104:445
          Source: global trafficTCP traffic: 192.168.2.225:445
          Source: global trafficTCP traffic: 192.168.2.105:445
          Source: global trafficTCP traffic: 192.168.2.226:445
          Source: global trafficTCP traffic: 192.168.2.102:445
          Source: global trafficTCP traffic: 192.168.2.223:445
          Source: global trafficTCP traffic: 192.168.2.103:445
          Source: global trafficTCP traffic: 192.168.2.224:445
          Source: global trafficTCP traffic: 192.168.2.108:445
          Source: global trafficTCP traffic: 192.168.2.229:445
          Source: global trafficTCP traffic: 192.168.2.109:445
          Source: global trafficTCP traffic: 192.168.2.106:445
          Source: global trafficTCP traffic: 192.168.2.227:445
          Source: global trafficTCP traffic: 192.168.2.107:445
          Source: global trafficTCP traffic: 192.168.2.228:445
          Source: global trafficTCP traffic: 192.168.2.100:445
          Source: global trafficTCP traffic: 192.168.2.221:445
          Source: global trafficTCP traffic: 192.168.2.101:445
          Source: global trafficTCP traffic: 192.168.2.222:445
          Source: global trafficTCP traffic: 192.168.2.220:445
          Source: global trafficTCP traffic: 192.168.2.115:445
          Source: global trafficTCP traffic: 192.168.2.236:445
          Source: global trafficTCP traffic: 192.168.2.116:445
          Source: global trafficTCP traffic: 192.168.2.237:445
          Source: global trafficTCP traffic: 192.168.2.113:445
          Source: global trafficTCP traffic: 192.168.2.234:445
          Source: global trafficTCP traffic: 192.168.2.114:445
          Source: global trafficTCP traffic: 192.168.2.235:445
          Source: global trafficTCP traffic: 192.168.2.119:445
          Source: global trafficTCP traffic: 192.168.2.117:445
          Source: global trafficTCP traffic: 192.168.2.238:445
          Source: global trafficTCP traffic: 192.168.2.118:445
          Source: global trafficTCP traffic: 192.168.2.239:445
          Source: global trafficTCP traffic: 192.168.2.111:445
          Source: global trafficTCP traffic: 192.168.2.232:445
          Source: global trafficTCP traffic: 192.168.2.112:445
          Source: global trafficTCP traffic: 192.168.2.233:445
          Source: global trafficTCP traffic: 192.168.2.230:445
          Source: global trafficTCP traffic: 192.168.2.110:445
          Source: global trafficTCP traffic: 192.168.2.231:445
          Source: global trafficTCP traffic: 192.168.2.203:445
          Source: global trafficTCP traffic: 192.168.2.204:445
          Source: global trafficTCP traffic: 192.168.2.201:445
          Source: global trafficTCP traffic: 192.168.2.202:445
          Source: global trafficTCP traffic: 192.168.2.207:445
          Source: global trafficTCP traffic: 192.168.2.208:445
          Source: global trafficTCP traffic: 192.168.2.205:445
          Source: global trafficTCP traffic: 192.168.2.206:445
          Source: global trafficTCP traffic: 192.168.2.200:445
          Source: global trafficTCP traffic: 192.168.2.209:445
          Source: global trafficTCP traffic: 192.168.2.214:445
          Source: global trafficTCP traffic: 192.168.2.215:445
          Source: global trafficTCP traffic: 192.168.2.212:445
          Source: global trafficTCP traffic: 192.168.2.213:445
          Source: global trafficTCP traffic: 192.168.2.218:445
          Source: global trafficTCP traffic: 192.168.2.219:445
          Source: global trafficTCP traffic: 192.168.2.216:445
          Source: global trafficTCP traffic: 192.168.2.217:445
          Source: global trafficTCP traffic: 192.168.2.210:445
          Source: global trafficTCP traffic: 192.168.2.211:445
          Source: global trafficTCP traffic: 192.168.2.39:445
          Source: global trafficTCP traffic: 192.168.2.38:445
          Source: global trafficTCP traffic: 192.168.2.42:445
          Source: global trafficTCP traffic: 192.168.2.41:445
          Source: global trafficTCP traffic: 192.168.2.44:445
          Source: global trafficTCP traffic: 192.168.2.43:445
          Source: global trafficTCP traffic: 192.168.2.46:445
          Source: global trafficTCP traffic: 192.168.2.45:445
          Source: global trafficTCP traffic: 192.168.2.48:445
          Source: global trafficTCP traffic: 192.168.2.47:445
          Source: global trafficTCP traffic: 192.168.2.40:445
          Source: global trafficTCP traffic: 192.168.2.28:445
          Source: global trafficTCP traffic: 192.168.2.27:445
          Source: global trafficTCP traffic: 192.168.2.29:445
          Source: global trafficTCP traffic: 192.168.2.31:445
          Source: global trafficTCP traffic: 192.168.2.30:445
          Source: global trafficTCP traffic: 192.168.2.33:445
          Source: global trafficTCP traffic: 192.168.2.32:445
          Source: global trafficTCP traffic: 192.168.2.35:445
          Source: global trafficTCP traffic: 192.168.2.34:445
          Source: global trafficTCP traffic: 192.168.2.37:445
          Source: global trafficTCP traffic: 192.168.2.36:445
          Source: global trafficTCP traffic: 192.168.2.17:445
          Source: global trafficTCP traffic: 192.168.2.16:445
          Source: global trafficTCP traffic: 192.168.2.19:445
          Source: global trafficTCP traffic: 192.168.2.18:445
          Source: global trafficTCP traffic: 192.168.2.20:445
          Source: global trafficTCP traffic: 192.168.2.22:445
          Source: global trafficTCP traffic: 192.168.2.21:445
          Source: global trafficTCP traffic: 192.168.2.24:445
          Source: global trafficTCP traffic: 192.168.2.23:445
          Source: global trafficTCP traffic: 192.168.2.26:445
          Source: global trafficTCP traffic: 192.168.2.25:445
          Source: global trafficTCP traffic: 192.168.2.11:445
          Source: global trafficTCP traffic: 192.168.2.10:445
          Source: global trafficTCP traffic: 192.168.2.13:445
          Source: global trafficTCP traffic: 192.168.2.12:445
          Source: global trafficTCP traffic: 192.168.2.15:445
          Source: global trafficTCP traffic: 192.168.2.14:445
          Source: global trafficTCP traffic: 192.168.2.0:445
          Source: global trafficTCP traffic: 192.168.2.2:445
          Source: global trafficTCP traffic: 192.168.2.1:445
          Source: global trafficTCP traffic: 192.168.2.180:445
          Source: global trafficTCP traffic: 192.168.2.181:445
          Source: global trafficTCP traffic: 192.168.2.8:445
          Source: global trafficTCP traffic: 192.168.2.7:445
          Source: global trafficTCP traffic: 192.168.2.9:445
          Source: global trafficTCP traffic: 192.168.2.4:445
          Source: global trafficTCP traffic: 192.168.2.6:445
          Source: global trafficTCP traffic: 192.168.2.5:445
          Source: global trafficTCP traffic: 192.168.2.86:445
          Source: global trafficTCP traffic: 192.168.2.85:445
          Source: global trafficTCP traffic: 192.168.2.88:445
          Source: global trafficTCP traffic: 192.168.2.87:445
          Source: global trafficTCP traffic: 192.168.2.89:445
          Source: global trafficTCP traffic: 192.168.2.184:445
          Source: global trafficTCP traffic: 192.168.2.185:445
          Source: global trafficTCP traffic: 192.168.2.80:445
          Source: global trafficTCP traffic: 192.168.2.182:445
          Source: global trafficTCP traffic: 192.168.2.183:445
          Source: global trafficTCP traffic: 192.168.2.82:445
          Source: global trafficTCP traffic: 192.168.2.188:445
          Source: global trafficTCP traffic: 192.168.2.81:445
          Source: global trafficTCP traffic: 192.168.2.189:445
          Source: global trafficTCP traffic: 192.168.2.84:445
          Source: global trafficTCP traffic: 192.168.2.186:445
          Source: global trafficTCP traffic: 192.168.2.83:445
          Source: global trafficTCP traffic: 192.168.2.187:445
          Source: global trafficTCP traffic: 192.168.2.191:445
          Source: global trafficTCP traffic: 192.168.2.192:445
          Source: global trafficTCP traffic: 192.168.2.190:445
          Source: global trafficTCP traffic: 192.168.2.75:445
          Source: global trafficTCP traffic: 192.168.2.74:445
          Source: global trafficTCP traffic: 192.168.2.77:445
          Source: global trafficTCP traffic: 192.168.2.76:445
          Source: global trafficTCP traffic: 192.168.2.79:445
          Source: global trafficTCP traffic: 192.168.2.78:445
          Source: global trafficTCP traffic: 192.168.2.195:445
          Source: global trafficTCP traffic: 192.168.2.196:445
          Source: global trafficTCP traffic: 192.168.2.193:445
          Source: global trafficTCP traffic: 192.168.2.194:445
          Source: global trafficTCP traffic: 192.168.2.71:445
          Source: global trafficTCP traffic: 192.168.2.199:445
          Source: global trafficTCP traffic: 192.168.2.70:445
          Source: global trafficTCP traffic: 192.168.2.73:445
          Source: global trafficTCP traffic: 192.168.2.197:445
          Source: global trafficTCP traffic: 192.168.2.72:445
          Source: global trafficTCP traffic: 192.168.2.198:445
          Source: global trafficTCP traffic: 192.168.2.64:445
          Source: global trafficTCP traffic: 192.168.2.63:445
          Source: global trafficTCP traffic: 192.168.2.66:445
          Source: global trafficTCP traffic: 192.168.2.168:445
          Source: global trafficTCP traffic: 192.168.2.65:445
          Source: global trafficTCP traffic: 192.168.2.169:445
          Source: global trafficTCP traffic: 192.168.2.68:445
          Source: global trafficTCP traffic: 192.168.2.67:445
          Source: global trafficTCP traffic: 192.168.2.69:445
          Source: global trafficTCP traffic: 192.168.2.162:445
          Source: global trafficTCP traffic: 192.168.2.163:445
          Source: global trafficTCP traffic: 192.168.2.160:445
          Source: global trafficTCP traffic: 192.168.2.161:445
          Source: global trafficTCP traffic: 192.168.2.60:445
          Source: global trafficTCP traffic: 192.168.2.166:445
          Source: global trafficTCP traffic: 192.168.2.167:445
          Source: global trafficTCP traffic: 192.168.2.62:445
          Source: global trafficTCP traffic: 192.168.2.164:445
          Source: global trafficTCP traffic: 192.168.2.61:445
          Source: global trafficTCP traffic: 192.168.2.165:445
          Source: global trafficTCP traffic: 192.168.2.170:445
          Source: global trafficTCP traffic: 192.168.2.49:445
          Source: global trafficTCP traffic: 192.168.2.53:445
          Source: global trafficTCP traffic: 192.168.2.52:445
          Source: global trafficTCP traffic: 192.168.2.55:445
          Source: global trafficTCP traffic: 192.168.2.179:445
          Source: global trafficTCP traffic: 192.168.2.54:445
          Source: global trafficTCP traffic: 192.168.2.57:445
          Source: global trafficTCP traffic: 192.168.2.56:445
          Source: global trafficTCP traffic: 192.168.2.59:445
          Source: global trafficTCP traffic: 192.168.2.58:445
          Source: global trafficTCP traffic: 192.168.2.173:445
          Source: global trafficTCP traffic: 192.168.2.174:445
          Source: global trafficTCP traffic: 192.168.2.171:445
          Source: global trafficTCP traffic: 192.168.2.172:445
          Source: global trafficTCP traffic: 192.168.2.177:445
          Source: global trafficTCP traffic: 192.168.2.178:445
          Source: global trafficTCP traffic: 192.168.2.51:445
          Source: global trafficTCP traffic: 192.168.2.175:445
          Source: global trafficTCP traffic: 192.168.2.50:445
          Source: global trafficTCP traffic: 192.168.2.176:445
          Source: malware.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\OneDriveTemp\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Adobe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\dbg\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Documents\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Microsoft OneDrive\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Oracle\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\TightVNC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\USOShared\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\Public\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Adobe\ARM\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Adobe\Temp\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Microsoft\DeviceSync\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Microsoft\User Account Pictures\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Microsoft OneDrive\setup\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Oracle\Java\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\USOShared\Logs\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\3D Objects\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Application Data\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Contacts\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Cookies\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Downloads\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Favorites\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Links\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Local Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Music\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\NetHood\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\OneDrive\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Pictures\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\PrintHood\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Recent\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Saved Games\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Searches\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\SendTo\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Start Menu\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Templates\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Videos\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\Public\AccountPictures\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\Public\Downloads\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\Public\Libraries\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\Public\Music\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\Public\Pictures\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\Public\Videos\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Adobe\ARM\Reader_21.001.20155\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\USOShared\Logs\User\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\AQRFEVRTGL\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\DQOFHVHTMG\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\EIVQSAOTAQ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\GIGIYTFFYT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\HQJBRDYKDE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\KLIZUSIQEN\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\LIJDSFKJZG\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\NYMMPCEIMA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\QCOILOQIKC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\AQRFEVRTGL\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\DQOFHVHTMG\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\EIVQSAOTAQ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\GIGIYTFFYT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\HQJBRDYKDE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\KLIZUSIQEN\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\LIJDSFKJZG\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\NYMMPCEIMA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\Outlook Files\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\QCOILOQIKC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Downloads\FxyxmdOyQe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Favorites\Links\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Pictures\Camera Roll\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Comms\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\D3DSCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\History\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\MicrosoftEdge\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\OneDrive\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\PeerDistRepub\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Publishers\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temporary Internet Files\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\VirtualStore\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Adobe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\ARM\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\Color\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Comms\Unistore\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Credentials\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Event Viewer\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Feeds\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Feeds Cache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\FORMS\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\GameDVR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\InputPersonalization\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Media Player\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Outlook\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\PenWorkspace\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\PlayReady\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\TokenBroker\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Vault\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\MicrosoftEdge\SharedCacheContainers\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\OneDrive\cache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.HEIFImageExtension_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.2.2_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.2.2_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Print3D_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.UI.Xaml.2.0_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\acrocef_low\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\Low\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\msdt\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\VBE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\{0526F170-B257-4B5A-B638-A61006F3853A}\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Linguistics\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Headlights\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Linguistics\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\AddIns\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Credentials\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Excel\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\MMC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Network\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Office\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Outlook\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Proof\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Protect\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Speech\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Spelling\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Templates\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Vault\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Word\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\ARM\S\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\Color\Profiles\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Comms\Unistore\data\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Event Viewer\Views\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\af-ZA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-AE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-BH\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-DZ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-EG\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-IQ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-JO\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-KW\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-LB\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-LY\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-MA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-OM\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-QA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-SA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-SY\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-TN\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-YE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\az-Latn-AZ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\bg-BG\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\bn-BD\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ca-ES\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\cs-CZ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\da-DK\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\de-AT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\de-CH\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\de-DE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\de-LI\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\de-LU\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\el-GR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-029\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-AU\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-BZ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-CA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-GB\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-HK\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-ID\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-IE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-IN\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-JM\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-MY\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-NZ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-SG\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-TT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-ZA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-ZW\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-419\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-AR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-BO\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-CL\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-CO\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-CR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-DO\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-EC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-ES\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-GT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-HN\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-MX\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-NI\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-PA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-PE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-PR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-PY\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-SV\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-US\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-UY\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-VE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\et-EE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\eu-ES\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fa-IR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fi-FI\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-029\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-BE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-CA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-CD\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-CH\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-CI\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-CM\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-FR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-HT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-LU\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-MA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-MC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-ML\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-RE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-SN\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\gl-ES\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ha-Latn-NG\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\he-IL\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\hi-IN\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\hr-BA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\hr-HR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\hu-HU\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\hy-AM\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\id-ID\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\it-CH\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\it-IT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ka-GE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\kk-KZ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\lt-LT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\lv-LV\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\mk-MK\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ms-BN\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ms-MY\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\nb-NO\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\nl-BE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\nl-NL\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\pl-PL\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\pt-BR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\pt-PT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ro-MD\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ro-RO\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ru-RU\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sk-SK\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sl-SI\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sq-AL\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sr-Cyrl-BA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sr-Cyrl-ME\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sr-Cyrl-RS\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sr-Latn-BA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sr-Latn-ME\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sr-Latn-RS\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sv-FI\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sv-SE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\tr-TR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\uk-UA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\uz-Latn-UZ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\EmieUserList\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\IECompatData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\TabRoaming\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tracking Protection\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\UrlBlock\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\logs\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\PlayReady\Internet Explorer\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Vault\UserProfileRoaming\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\OneDrive\cache\qmlcache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.HEIFImageExtension_8wekyb3d8bbwe\AC\README.TXT
          Source: malware.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
          Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData
          Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming
          Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user
          Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
          Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
          Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
          Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
          Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
          Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
          Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
          Source: unknownTCP traffic detected without corresponding DNS query: 52.109.8.44
          Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
          Source: unknownTCP traffic detected without corresponding DNS query: 52.109.124.153
          Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
          Source: unknownTCP traffic detected without corresponding DNS query: 52.109.8.44
          Source: unknownTCP traffic detected without corresponding DNS query: 52.109.124.153
          Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
          Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
          Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
          Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temporary Internet Files\README.TXT

          Spam, unwanted Advertisements and Ransom Demands

          barindex
          Yara detected Conti ransomware
          Source: Yara matchFile source: malware.exe, type: SAMPLE
          Source: Yara matchFile source: 0000000F.00000000.1780567176.0000000000951000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
          Yara detected Royal Ransomware
          Source: Yara matchFile source: malware.exe, type: SAMPLE
          Source: Yara matchFile source: 0000000F.00000000.1780567176.0000000000951000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
          Found ransom note / readme
          Source: C:\ProgramData\Microsoft\DeviceSync\README.TXTDropped file: Hello!If you are reading this, it means that your system were hit by Royal ransomware.Please contact us via :http://royal2xthig3ou5hd7zsliqagy6yygk2cdelaxtni2fyad6dpmpxedid.onion/12345678901234567890123456789012In the meantime, let us explain this case.It may seem complicated, but it is not!Most likely what happened was that you decided to save some money on your security infrastructure.Alas, as a result your critical data was not only encrypted but also copied from your systems on a secure server.From there it can be published online.Then anyone on the internet from darknet criminals, ACLU journalists, Chinese government(different names for the same thing),and even your employees will be able to see your internal documentation: personal data, HR reviews, internal lawsuitsand complains, financial reports, accounting, intellectual property, and more!Fortunately we got you covered!Royal offers you a unique deal.For a modest royalty(got it; got it ? ) for our pentesting services we will not only provide you with an amazing risk mitigation service,covering you from reputational, legal, financial, regulatory, and insurance risks, but will also provide you with a security review for your systems.To put it simply, your files will be decrypted, your data restoredand kept confidential, and your systems will remain secure.Try Royal today and enter the new era of data security!We are looking to hearing from you soon!Jump to dropped file
          Writes many files with high entropy
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\IconCache.db.royal_w entropy: 7.99379359762Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbres00001.jrs.royal_w entropy: 7.99969953107Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbres00002.jrs.royal_w entropy: 7.99966450456Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbtmp.log.royal_w entropy: 7.99962259573Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei.royal_w entropy: 7.99124646726Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App_1684319521621248900_724DDF91-E372-411C-9B24-AB7293AE20C4.log.royal_w entropy: 7.99350628254Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages.royal_w entropy: 7.99761496971Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs.royal_w entropy: 7.99994716651Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx.royal_w entropy: 7.99993983715Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs.royal_w entropy: 7.9999395173Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx.royal_w entropy: 7.99740588117Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\FORMS\FRMDATA64.DAT.royal_w entropy: 7.99935156105Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\0BA6B95B-B5EC-4B9F-A2D3-51BD6D6FF521.royal_w entropy: 7.998957165Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\notificationsDB.royal_w entropy: 7.99373198087Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\5732433C-DB76-4CEA-84F2-FDEFC3D2CDC0.royal_w entropy: 7.9987847434Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edbres00002.jrs.royal_w entropy: 7.99966059332Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edbres00001.jrs.royal_w entropy: 7.99962851849Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edbtmp.log.royal_w entropy: 7.99964699465Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\u2m79ck\imagestore.dat.royal_w entropy: 7.990876332Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{5C331E5A-C86C-11EB-87F5-000C29C35D9E}.dat.royal_w entropy: 7.99900481769Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2021-06-08_151132_b90-13a8.log.royal_w entropy: 7.99151998409Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\MessagingBackgroundTaskLog.etl.royal_w entropy: 7.99332577353Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\MessagingBackgroundTaskLog.last.etl.royal_w entropy: 7.99220168165Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\MMC\eventvwr.royal_w entropy: 7.99875017988Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\MMC\services.royal_w entropy: 7.99824489006Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Office\MSO1033.acl.royal_w entropy: 7.99497173784Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.royal_w entropy: 7.99572800276Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt21.lst.royal_w entropy: 7.99814415016Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.royal_w entropy: 7.99947672751Jump to dropped file
          Writes a notice file (html or txt) to demand a ransom
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile dropped: C:\ProgramData\Microsoft\DeviceSync\README.TXT -> decrypted, your data restoredand kept confidential, and your systems will remain secure.try royal today and enter the new era of data security!we are looking to hearing from you soon!Jump to dropped file
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile dropped: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\README.TXT -> decrypted, your data restoredand kept confidential, and your systems will remain secure.try royal today and enter the new era of data security!we are looking to hearing from you soon!Jump to dropped file
          Source: malware.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: malware.exe, type: SAMPLEMatched rule: MAL_EXE_RoyalRansomware date = 2023-01-03, author = Silas Cutler, modfied by Florian Roth, description = Detection for Royal Ransomware seen Dec 2022, version = 1.0, DaysofYARA = 3/100, hash = a8384c9e3689eb72fa737b570dbb53b2c3d103c62d46747a96e1e1becf14dfea
          Source: malware.exeReversingLabs: Detection: 62%
          Source: malware.exeVirustotal: Detection: 72%
          Source: malware.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Downloads\FxyxmdOyQe\malware.exe malware.exe -id 12345678901234567890123456789012
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Downloads\FxyxmdOyQe\malware.exe malware.exe -id 12345678901234567890123456789012
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeMutant created: \Sessions\1\BaseNamedObjects\12345678901234567890123456789012
          Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\Feedback
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Adobe\Temp\README.TXT
          Source: classification engineClassification label: mal88.rans.expl.winEXE@5/433@0/600
          Source: C:\Windows\System32\conhost.exeFile read: C:\Users\desktop.ini
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: malware.exeStatic file information: File size 2237952 > 1048576
          Source: malware.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
          Source: malware.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x18f600
          Source: malware.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
          Source: malware.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
          Source: malware.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
          Source: malware.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: malware.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
          Source: malware.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
          Source: malware.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: malware.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: malware.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: malware.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: malware.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: malware.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: malware.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: initial sampleStatic PE information: section name: .text entropy: 6.851367351208121
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\OneDriveTemp\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Adobe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\dbg\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Documents\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Microsoft OneDrive\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Oracle\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\TightVNC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\USOShared\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\Public\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Adobe\ARM\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Adobe\Temp\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Microsoft\DeviceSync\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Microsoft\User Account Pictures\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Microsoft OneDrive\setup\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Oracle\Java\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\USOShared\Logs\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\3D Objects\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Application Data\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Contacts\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Cookies\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Downloads\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Favorites\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Links\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Local Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Music\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\NetHood\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\OneDrive\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Pictures\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\PrintHood\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Recent\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Saved Games\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Searches\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\SendTo\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Start Menu\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Templates\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Videos\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\Public\AccountPictures\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\Public\Downloads\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\Public\Libraries\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\Public\Music\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\Public\Pictures\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\Public\Videos\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Adobe\ARM\Reader_21.001.20155\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\USOShared\Logs\User\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\AQRFEVRTGL\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\DQOFHVHTMG\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\EIVQSAOTAQ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\GIGIYTFFYT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\HQJBRDYKDE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\KLIZUSIQEN\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\LIJDSFKJZG\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\NYMMPCEIMA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Desktop\QCOILOQIKC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\AQRFEVRTGL\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\DQOFHVHTMG\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\EIVQSAOTAQ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\GIGIYTFFYT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\HQJBRDYKDE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\KLIZUSIQEN\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\LIJDSFKJZG\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\NYMMPCEIMA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\Outlook Files\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Documents\QCOILOQIKC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Downloads\FxyxmdOyQe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Favorites\Links\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Pictures\Camera Roll\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Comms\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\D3DSCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\History\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\MicrosoftEdge\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\OneDrive\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\PeerDistRepub\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Publishers\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temporary Internet Files\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\VirtualStore\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Adobe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\ARM\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\Color\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Comms\Unistore\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Credentials\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Event Viewer\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Feeds\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Feeds Cache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\FORMS\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\GameDVR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\InputPersonalization\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Media Player\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Outlook\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\PenWorkspace\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\PlayReady\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\TokenBroker\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Vault\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\MicrosoftEdge\SharedCacheContainers\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\OneDrive\cache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.HEIFImageExtension_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.2.2_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.2.2_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Print3D_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.UI.Xaml.2.0_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\acrocef_low\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\Low\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\msdt\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\VBE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Temp\{0526F170-B257-4B5A-B638-A61006F3853A}\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Linguistics\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Headlights\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Linguistics\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\AddIns\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Credentials\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Excel\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\MMC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Network\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Office\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Outlook\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Proof\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Protect\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Speech\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Spelling\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Templates\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Vault\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Word\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\ARM\S\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\Color\Profiles\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Comms\Unistore\data\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Event Viewer\Views\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\af-ZA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-AE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-BH\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-DZ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-EG\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-IQ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-JO\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-KW\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-LB\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-LY\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-MA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-OM\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-QA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-SA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-SY\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-TN\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ar-YE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\az-Latn-AZ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\bg-BG\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\bn-BD\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ca-ES\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\cs-CZ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\da-DK\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\de-AT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\de-CH\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\de-DE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\de-LI\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\de-LU\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\el-GR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-029\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-AU\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-BZ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-CA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-GB\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-HK\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-ID\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-IE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-IN\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-JM\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-MY\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-NZ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-SG\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-TT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-ZA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\en-ZW\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-419\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-AR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-BO\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-CL\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-CO\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-CR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-DO\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-EC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-ES\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-GT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-HN\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-MX\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-NI\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-PA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-PE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-PR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-PY\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-SV\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-US\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-UY\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\es-VE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\et-EE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\eu-ES\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fa-IR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fi-FI\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-029\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-BE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-CA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-CD\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-CH\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-CI\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-CM\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-FR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-HT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-LU\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-MA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-MC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-ML\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-RE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\fr-SN\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\gl-ES\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ha-Latn-NG\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\he-IL\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\hi-IN\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\hr-BA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\hr-HR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\hu-HU\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\hy-AM\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\id-ID\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\it-CH\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\it-IT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ka-GE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\kk-KZ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\lt-LT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\lv-LV\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\mk-MK\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ms-BN\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ms-MY\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\nb-NO\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\nl-BE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\nl-NL\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\pl-PL\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\pt-BR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\pt-PT\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ro-MD\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ro-RO\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\ru-RU\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sk-SK\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sl-SI\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sq-AL\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sr-Cyrl-BA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sr-Cyrl-ME\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sr-Cyrl-RS\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sr-Latn-BA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sr-Latn-ME\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sr-Latn-RS\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sv-FI\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\sv-SE\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\tr-TR\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\uk-UA\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\input\uz-Latn-UZ\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\EmieUserList\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\IECompatData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\TabRoaming\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tracking Protection\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\UrlBlock\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\logs\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\PlayReady\Internet Explorer\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Vault\UserProfileRoaming\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\OneDrive\cache\qmlcache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\AppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\LocalCache\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\LocalState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\RoamingState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\SystemAppData\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\TempState\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.HEIFImageExtension_8wekyb3d8bbwe\AC\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeFile created: C:\Users\user\Start Menu\README.TXT
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeProcess information queried: ProcessInformation
          Source: C:\Windows\System32\cmd.exeFile Volume queried: C:\Users\user\Downloads\FxyxmdOyQe FullSizeInformation
          Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
          Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData
          Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming
          Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user
          Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
          Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Downloads\FxyxmdOyQe\malware.exe malware.exe -id 12345678901234567890123456789012
          Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeQueries volume information: C:\Users\user\AppData\Local\Temp\~DFB7E2EFEA5A45E5B4.TMP.royal_w VolumeInformation
          Source: C:\Users\user\Downloads\FxyxmdOyQe\malware.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT.royal_w VolumeInformation

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsWindows Management Instrumentation1
          Registry Run Keys / Startup Folder          		11
          Process Injection          		1
          Masquerading          		OS Credential Dumping1
          Network Share Discovery          		Remote ServicesData from Local SystemExfiltration Over Other Network Medium2
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
          Data Encrypted for Impact
          Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
          Registry Run Keys / Startup Folder          		1
          Software Packing          		LSASS Memory1
          Process Discovery          		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
          Application Layer Protocol          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)11
          Process Injection          		Security Account Manager2
          File and Directory Discovery          		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
          Ingress Tool Transfer          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
          Obfuscated Files or Information          		NTDS12
          System Information Discovery          		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          malware.exe62%ReversingLabsWin32.Ransomware.Royal
          malware.exe73%VirustotalBrowse

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          No Antivirus matches

          Domains and IPs

          Contacted Domains

          No contacted domains info

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          52.109.124.153
          		unknownUnited States
          		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
          52.109.8.44
          		unknownUnited States
          		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

          Private

          IP
          192.168.2.148
          192.168.2.149
          192.168.2.146
          192.168.2.147
          192.168.2.140
          192.168.2.141
          192.168.2.144
          192.168.2.145
          192.168.2.142
          192.168.2.143
          192.168.2.159
          192.168.2.157
          192.168.2.158
          192.168.2.151
          192.168.2.152
          192.168.2.150
          192.168.2.155
          192.168.2.156
          192.168.2.153
          192.168.2.154
          192.168.2.126
          192.168.2.247
          192.168.2.127
          192.168.2.248
          192.168.2.124
          192.168.2.245
          192.168.2.125
          192.168.2.246
          192.168.2.128
          192.168.2.249
          192.168.2.129
          192.168.2.240
          192.168.2.122
          192.168.2.243
          192.168.2.123
          192.168.2.244
          192.168.2.120
          192.168.2.241
          192.168.2.121
          192.168.2.242
          192.168.2.97
          192.168.2.137
          192.168.2.96
          192.168.2.138
          192.168.2.99
          192.168.2.135
          192.168.2.98
          192.168.2.136
          192.168.2.139
          192.168.2.250
          192.168.2.130
          192.168.2.251
          192.168.2.91
          192.168.2.90
          192.168.2.93
          192.168.2.133
          192.168.2.254
          192.168.2.92
          192.168.2.134
          192.168.2.95
          192.168.2.131
          192.168.2.252
          192.168.2.94
          192.168.2.132
          192.168.2.253
          192.168.2.104
          192.168.2.225
          192.168.2.105
          192.168.2.226
          192.168.2.102
          192.168.2.223
          192.168.2.103
          192.168.2.224
          192.168.2.108
          192.168.2.229
          192.168.2.109
          192.168.2.106
          192.168.2.227
          192.168.2.107
          192.168.2.228
          192.168.2.100
          192.168.2.221
          192.168.2.101
          192.168.2.222
          192.168.2.220
          192.168.2.115
          192.168.2.236
          192.168.2.116
          192.168.2.237
          192.168.2.113
          192.168.2.234
          192.168.2.114
          192.168.2.235
          192.168.2.119
          192.168.2.117
          192.168.2.238
          192.168.2.118
          192.168.2.239

          General Information

          Joe Sandbox Version:37.1.0 Beryl
          Analysis ID:868123
          Start date and time:2023-05-17 12:31:45 +02:00
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Analysis system description:Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
          Number of analysed new started processes analysed:18
          Number of new started drivers analysed:0
          Number of existing processes analysed:1
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Analysis stop reason:Timeout
          Sample file name:malware.exe
          Detection:MAL
          Classification:mal88.rans.expl.winEXE@5/433@0/600
          Cookbook Comments:
          • Found application associated with file extension: .exe

          Warnings

          • Exclude process from analysis (whitelisted): SgrmBroker.exe, usocoreworker.exe, svchost.exe
          • Excluded domains from analysis (whitelisted): login.live.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtCreateFile calls found.
          • Report size getting too big, too many NtDeviceIoControlFile calls found.
          • Report size getting too big, too many NtOpenFile calls found.
          • Report size getting too big, too many NtSetInformationFile calls found.
          • Report size getting too big, too many NtWriteFile calls found.
          • VT rate limit hit for: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Created / dropped Files

          C:\ProgramData\Microsoft\DeviceSync\README.TXT

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1473
          Entropy (8bit):4.676364699387907
          Encrypted:false
          SSDEEP:
          MD5:27152879A897C13AE7E3365F45730DFA
          SHA1:8C875FD491382B2116E55617294E5F85FB55AB5E
          SHA-256:14C5232061C21C33754951E8345966589335C85DA750C30F7F435D064391D412
          SHA-512:342839F0353168D80FB52ED1B007AA752FBFA7608EF219D8E9761739B14E6845422CFAFB906356E2A98BB4EEC384AB667D6CD651F0DE93FB3294A786D54F8E88
          Malicious:true
          Reputation:low
          Preview:Hello!.....If you are reading this, it means that your system were hit by Royal ransomware....Please contact us via :...http://royal2xthig3ou5hd7zsliqagy6yygk2cdelaxtni2fyad6dpmpxedid.onion/12345678901234567890123456789012....In the meantime, let us explain this case.It may seem complicated, but it is not!..Most likely what happened was that you decided to save some money on your security infrastructure...Alas, as a result your critical data was not only encrypted but also copied from your systems on a secure server...From there it can be published online.Then anyone on the internet from darknet criminals, ACLU journalists, Chinese government(different names for the same thing),..and even your employees will be able to see your internal documentation: personal data, HR reviews, internal lawsuitsand complains, financial reports, accounting, intellectual property, and more!.....Fortunately we got you covered!....Royal offers you a unique deal.For a modest royalty(got it; got it ? ) for o

          C:\ProgramData\USOShared\Logs\User\NotificationUx.1d4f57f8-b43c-412d-8c8b-6f95b9fa276d.1.etl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979622741559261
          Encrypted:false
          SSDEEP:
          MD5:8527454A1688CD209D8356451C8DEA67
          SHA1:FE871C4D26FD3F6B1BC3B20DFBBFE0E9CA50C34B
          SHA-256:03C41A1C3C987196C856962518187F50722F554050CD67A78CED4BCB73892BE6
          SHA-512:F44E73C6E0030E70EA347949AB8ADA6119B8A8BFCED5A430FAB0DCFECD7894BD69C2260A5AC05051B6D24B3CF7C4F546911FCE166246EFF1B8D185D85E8EA19E
          Malicious:false
          Reputation:low
          Preview:......#.......x._bz........Ai.8D0z....0f.w.._.0...}d.eu.~..Fex!o.....".p......XqVG8g.......4..A....B.E.../.$.k#=.c.z.....:...%.oN9../.....3.o.......O..t.........3..hrr".*Gv...I.l......bh......mS.`.W./...W.Q..4..'l...du..M.D8T'..AA..w......:..s$@I.U..7.<.. ..Ta...PE....QE..H....L{..e3.f.O...O..fB.N..S.vL.....wWI0...\K.s.....b......w.s.!=.....w...${py...............d.G.5.4>/...$.V.$..A...rCHC.km.)wy..g.9.PssS...=O..".|.,]u..T....t...."...k.\...t...<r..X=..v-.<C.5V_..$.g.-.....n}.)avB:...j.4...]J.r.!..K&...M...Y.`..e-..UP^..Vz..g..G..5F..:...:...$.W....+........|..,k'l[.<.0w.u.}FERz?Rm..5,..7._..=c.^j.~.j-U)....._.....1?...$..P.F........H......<s.2.-."6.?..x.I....`.;........>qj..%.Q.=.../.....~....:.....I;.e.........n@.E9..u.].P2'.OR.....%....=..t7.=..7.....o...m...]...W.b.\nA4[.....E.q...A9.@U4.....1...........$.m..[.=2...d.7...d[.`.i.@...e....q..@H...<...nx...t..O.R..z.E.......!\_G........._.0?}.O4v../..fQ.W...3W....n.....V.*.!O.*f5X.

          C:\ProgramData\USOShared\Logs\User\NotificationUx.444ea595-6a02-4e33-9d6c-209bb54fbc14.1.etl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.977426672924072
          Encrypted:false
          SSDEEP:
          MD5:A0F001E63DC799AF24F86E7F4BA562D7
          SHA1:BEE29A4B4393851E32B1E5A697033B2FE7753162
          SHA-256:DA9E1312CAFD500CBBB680375AE6D0BD5D7918FE49298726DE5B3B1D7342B95F
          SHA-512:D1DEF95D8ACE4EC4123BB1A9487B75DC79D1AD77E43EC0ECA2C79FB43D5B9761E32716D8D14D83977DCEA2449BBF67CB412F86B907E798DA75BBBC211A9467B0
          Malicious:false
          Reputation:low
          Preview:.M...>...5.h.hf..n.o.B.........O.:|.u...'.<...... a......Q.3|nJcD.u..."[T.C~[.^)^>m..h..6e/..8.*..a2."W..Y.sq.E_]......F....w...3y3|..GaY...{.H......J..._Y.XXb....O0.x.O.......c.i..]...f........l.%.m'u-..X.....1.!..w.V.....^.d..xOMP..%.R...3...o`..TD.4.s....._Bs........<.XKG....{....$:.Z*.>vUD....AD.g..`Jt...D....*...,%....j\...yiI..e..._..>.md$..u^..".D....I'.... .2.tn.xo-..H.....M.`......=W....Z1.v..\.ZK.e..N#Lx(..g...jB`vb..u...X+..O.....^.V..,....E.M.-..?..'I.....%p..zE.1..,..2..4.3=..M.....B..'.[..%.....1.gI>F....W...t.q...Q.@..Rg.8V~F1......V.........Z._`.Pt...N...q~.._H.!]...J.^dq/...w.&..K<....?.h.....-1...\..JrN;u.e..Pb..4.....f^.....1..}tQ...v..BC|S.|/..F.H@^:..RC.s.........O..!.. m.e3.'h....|..Y.q.........$p..{..e.....l.WQb...i...w.E.C.12..........&.x..G\.\......{...&..7..H....M.....5:.b.MV.... .d.|...X.{N.\.?.~ Pr..9..f...j..*j.G.{.H...bj..fy"..=h.E....I....}.R>...BbI|...W/._\.t....z."...~:8.E...]C...c.2..X.....|B.... ..;.&..c..

          C:\ProgramData\USOShared\Logs\User\NotificationUx.47014d92-c4f5-4f11-8388-2e81c0490f5c.1.etl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.980946604790989
          Encrypted:false
          SSDEEP:
          MD5:72958D1EB53886C3E4417DD63D961616
          SHA1:0D4E057D1AEF3EAB078B55413D4BCF899CCA9329
          SHA-256:0F1ADFA63FA328935565379C6CE1EB2340213CAC8248386C334D831F727FD497
          SHA-512:6B34F2A74732AB65B1A6D3792A5819177D088AF88789BB1D0BDD7B2521A3B052FABB5A59594CB7163D233FF2360A8850B3C5D4BB012E200130669D2AE6BA308F
          Malicious:false
          Reputation:low
          Preview:.}h.*..:.....W...'(..|..x.i.Ms..4....z}.Y..]..2.[.y....jyr.BnbuW .y#.S.h....w.r.s.7.N.AI..z1..\`.4.,..RX.Z..EBed}....n..8.C.+..S..(....,4DVK..Y5..W\*.0..A..Z.'y.....14f W.{...2.]I..^Pd.Q..-.......r-.!.q...Ew....t.QO..>.....P.....L....['.q~...V...{.VV..{Q..<..2..>.....@dV..F}.....f:..iY.....k.]..g+..8o..D..p.C...u.....w...Q%..3}..$K.7..K...A.e=(.u..r..."1z.j=...!M..|..|>...#........W..H..[....:.%_9.5.v....w.!.(.E.%.q...(..]t.,....,Emt...u...Q..-x".y.'.......~0.19...W...U.Re....*....T.`.1.2.B.R.L.......P0Q.E...>h.UI.)...:...2.......M..Ku.9.W,PK[.fMBB^D&H..l5S..@6o...3.5.....Q....2jp...E.,.........vG.oF..j<.. ...zYKk.......".M.*,d] .....P9.Z...t....8....9.F.?.}.x{..EM.t.'...<..3.K..7jlE....03QvU..L..D.!..(.,6...f...g.".gF=dV......}.}.5.O.O=^.j....x...>g.M.L.<..>y.o.nw..w.h....i.A..n....[..5..........3.......a!..J'.b..dC...\.;.vN.j..n..#..C...[N/E....k......b..L..K^B#.OG..a?C .{..i.!.s..=+en{X.c....1.....,".(m0H.5K!. ..U.xV........T..6...

          C:\ProgramData\USOShared\Logs\User\NotifyIcon.07671258-1986-4a94-bfdc-6e5e1a034c94.1.etl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.977344676853936
          Encrypted:false
          SSDEEP:
          MD5:9BDEF9506387A996DC19351BE115D3F7
          SHA1:D882D6B339143E4573EE878DEC610BA7BDDA13A3
          SHA-256:50038102FD68856091053E005695419EE3DA842B2305D23B77F11D869F065014
          SHA-512:29AA0CB71807607B41157D0A3159D0F9060E4B12CBF5B6AFD877694EA20F692FAF198A305F8771F9C3B23CE2B1B7814F6932546BF27C166AF7B4FAF89B8DEBBC
          Malicious:false
          Reputation:low
          Preview:.N..J..^2.`....--.z.E0.....T.......X.J..5.goQ.2..-t..~.x......TN.{3.E..k.#...WP.=)K.*!...:.(.a..$b...t,~...,L.kH{.yP. d.e`(.].9......8/.c...............7Ty8..$.".VX.)H(........TqK.n..N|... BS...E..G.nP}.#g...G.j.].9..K#..w..&...MB...'..i.,...A....}...I..E.Q.t..S/.Hc.h...P...c*u.x..~(..A...I.5m......O....T.4d..G.".....X.Tn,s^...b..P.Y.59.j.T...g.;4.."I.^.%b..(.b.n.6..NC.S.M... .,......I.#.-.u:u......qHW.v:....e.D.dO....V.'.td|Rm..Q..I..<=..B[V."-.*.."........t4..I.V>...V...1G.,.G.........AO:IZf/.+...d..........77_E....%..$.;..+N`.M.P.a..X.J..l..w..j..z..0..[.N..........f&..;'..O.)fEs4E\J..Mr.c7VE..E..(.%..#...S_.'.......Qm..+.....+.#M...f...E.4.......8K.."..E&(.o.4.&..Y.*.U..&.....B....9.j....u..**.|.........RFxx,...7(.5i;...7.1+Z.)..g..k.n..z><.R..q....Eg.A....$9I.p..g...\.I.aw/l.......#Q.h..ue.y=9=...sL....%..3.(3.03t...>;6sA2[.....rwj2[B.h...u.O!oo."..h...6&N";.(.......nr.;..F..Z.'....;m.5q.S..ER.O^.x....C....~..Hr..\}.!.z..~......;<...p~.kY...

          C:\ProgramData\USOShared\Logs\User\NotifyIcon.0afbfb91-e626-4ddc-951d-82a3f8d00877.1.etl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979703504957294
          Encrypted:false
          SSDEEP:
          MD5:D6477992A5B52BAEF7BC9AF0D8A12672
          SHA1:BFA4A6BB46529131B20A8F23D2EBA2820751F0BE
          SHA-256:962288CB9E498602B38AF6A0CFA542911BD30583FC3ABDE4153CFA0E8D97CE5C
          SHA-512:687D7C4216E915D51FC8DCD4E49124C1A7495AFD2BF1214310EDFDD0C65CD21845233E5818C1D54C1068C5F59C2D460436559E82F275368ECADF33F785FFBB0D
          Malicious:false
          Reputation:low
          Preview:.VY.I......U..U.*.....)(.>5K.j..%..Q..... .5e.b.]..=.~......:...."c.U.....r.1T.H.h..Z....~.Jv/..t..._.R;.ol..].)..]...j.p(S....,Wms.D..'.q&t....#..M......Uu#....Y.8.z.G ..g.X..a.#G.7..}..T.Dq<o..a.f..W..I%........ob..8....%...o.(OhE#.....,.."?......G.0G0.^..,.v...^K...jO.2.g+..#..a.NS..S!ai.z.F.......@.....<B2A...Ca....bs.....6&..Sb./.,..4U4.......x.{....e..fe...] ..$..h"....g.t$j.g.......WN...W.]....>...q..l.6...zT.|.4.FLA.S.\-*n._$e$...%....xC......pD.PT:}%.....T../..0.D.Kl.v.w4.Uj.]).....w.....j.Ha.....V..........eC.,.{P.Zb.nE...bf......?.....!\\..4...WK/L_+...`j....!......?v.)y..F....3G.n.v.g.......N.g.....:..!6...U+{.>......[j.>$Y......De'%.G.P]E^H..+Gt...W.:.H...a..&~.=l.L.z.}t..Pr...].rP..6;'.qe.^.-.:...$...xSAX.]z55..b,...2..6./.=$.:4F.f..G..sKm......X.@....k?...A....V+..U.7j............].3....V...._.,..U5lx.i...#....g.]..Z..........Ny.K1...%i.........<.F......V.4.t.4..,...W.....Sl.GM....#.<...4....Y.zp....=.1....%....qed..s\&..;...

          C:\ProgramData\USOShared\Logs\User\NotifyIcon.2aa04435-f921-4d6d-b712-8f1a6b27d14e.1.etl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979286418360345
          Encrypted:false
          SSDEEP:
          MD5:08E11FFCD91B1386D40F155ACBE78A0B
          SHA1:6F956C53200A00283F279B6848FA7C2F0613EAC5
          SHA-256:8C88EA56F2E8D8053DEE7AD90E65F867CA299ACEE6D38DC8F253889648CBCB25
          SHA-512:CAE431523A02496E1B4881965BB769672BA50E398E8556E3C4C91AC7109720AA7F3FCCB7C0BBB78287932F17D410A0C5D9D3A78D00146324B864DFA2A3966A3D
          Malicious:false
          Reputation:low
          Preview:.x....9*..uc&...T......<..{....A0..........3.#..@..c....]...]..j.?..O.q..p.@.I.I...2..s.Z....-q....r.P..-"?.(......2.pN0.A..n!PO....-{y....'.c.+6S...C...=......&..$8.l..&...K.S.U...b..\..3...e..rM.7.."J....]nP#/....d.X>Q.h......[#.lY...5.....E.h..#..4......O..;.S.,c.e".m**.B._X.|.4......v2p........^PWpU......5u..A./n5.xh-u........3J./ =_..'...4.g.....NV8..U....v-.A|rks6.U=.*h.HC_kQ.iz...E.j.{..Q~....o0O.c6\_.,..B....+OI3.x......#*I_J.=.97v...f...ml..]9_...@qB...W..Y. ....1...>..-..!...=......+....E~..RH..=.4.$2Z.....-.~}6.?:...J+......'q ..J.Jf=...w.?..e;...b..obq..Xh...p.......t..x..ox.J.L.N`.,...`.<....`.}a....s..E..X.d.V...F.,.#..h....%.......^n..Y.W.w..Ff.|......f[...........r?o...AJV..4.:..x4.........5T...S.dX8h[*..j.....A..(.....N..G..p!.......Ap...D.3.."....r.....e:.=W........;.Z..d)..E...^{..;.+P.i.E....Fc.5'...RP......Xo.8....og.Z...`..J..*t=i....g.....r.../P...o...h.X)....gH.f.......n.$G.....{....|......m(z........

          C:\ProgramData\USOShared\Logs\User\NotifyIcon.2ca0e824-af43-42e4-8a67-ecf81d6ee52e.1.etl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979101643566339
          Encrypted:false
          SSDEEP:
          MD5:3D9DF57565CF598B46A0E7EC2CCDC890
          SHA1:F55AF89F58892A02738D65B142B2C77A5B696613
          SHA-256:2C5522F64F643A21883DEBF2EB52603C52B59183E1257694744B692CCF749BFC
          SHA-512:22FD0994E77D9EF5804FFDB5583F3BFC47314EA536D336C7F87050D5A1B65599083B56FC1C548C43FB427BC98D5ECB71C4304DFE7F86DF9FE7DF4E8DC51B2B8C
          Malicious:false
          Reputation:low
          Preview:&..4oL..T..e?.89.$..!..I..^...G..r..t.K!.1...c.7.t|-y.3. w.....~...!+s._.['....8.7.V0.b0O..c[.....1m]D.\.d.C.Yl?.*.|.v.\a.jn,....S..6.(.i.....Q..<......~..)(...2!.;B.Sb...Z...&.y.N....d.E1,Mj.8..y...m..H....2M...0......`.uS..eu.j.....M.....h.1.O..U.[.....4>.".a..R...`...r|lS.gQ7.j\).hS.^...D....o..8u..]..q U....h^.x.~Z...f..[..qb..yE?).....uxj..ue5[....<..-......Y=0B..=2q.\-.XJ........ ...R..'".(..e...+&b..g).a!...v...V.1c.....H.....5.@m-.z.TL R...*..X.O...nh..K4{...f...g....>z.&.0D.-.:.....SbzF.O....d...9m<..rp.@W...or.@9.\........N....nl-....:......../6...:..."n;D..p.t.O,).tQ..L.V.pR9gX.K.4...U.y.y.......8G(.DPE..T..a......SS..R=D.....V?..@.3n.I.P......p_..D,...|. .P...Tp..,.,.9...CZ.Z..c...]b.{...7..."...{5..Lq'.SX.%.........t_.'<.@n.-..6!.}...:I.D.].......Ey...l....l........'....}...]...i....Xk0.&...S......@!&.=..+.e.S.I..U.....nM.z.b..n..y..R.<..j..2....,.....s..|;D....H.a..)...1n^.0...;....O...,......,........~x....)..b...U.......

          C:\ProgramData\USOShared\Logs\User\NotifyIcon.5db65f32-0610-4558-8633-97f78dd9ce23.1.etl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.977851767635067
          Encrypted:false
          SSDEEP:
          MD5:709B1F76EFA46FBAD223D7A3619583A0
          SHA1:7B0D33CEA4A4739F4D2ED83230E150DCE8DD25D6
          SHA-256:F4CF0CCBAA219FBBC7D3249F12A0CE7ED4CA10503B0935BE2A8BFE4356CBB5E2
          SHA-512:2CEB39CAE91C8036D1AFBFFE3FAEB87EC839D48A02BF28625076C1D52CDD76804BF1A24E9BF5D39E82C2CF06337AA3FFF67432327D4E3F2CC727567BD1155C62
          Malicious:false
          Reputation:low
          Preview:3..Id.RU...5.W1.v...V21.V..|....F....)..n..6....._.(.A...s......-..-.[...E&..H1H=..V..[..]W......\...3...<.....7GX..H.}d.$.:z.w.b.m.krkV.....\q.I...v.e*....(...S!...7..o@|l.!.OW~p..)J..+.....P.b..bR...M..~.n+^.mN....p..nQ.}.qq.......k.M....v.d).......E....{.C....?T.D8o....[.).L..)a..t.\....W........."t\.+.....{...(.gR.q..p.....>....q...<#.D.MTRz[$W.&.^=.k.G.t..|'.......Sa...C....$.Y..It/.W>hK.....F.4pT&6.4."`.F.^1}.!..v.]g.cm...lg_.."...S\|y.L^3..._..rI......S...%.R....`Yny.F..>........... ...E...nH....y.t.<..?f.i......3K.z.u..S...]b...r...g....J..c...... :7......&@..0.......f...?3.I.(l...p.?..<hd.D.HVBd..!t..&......P.c...+lV...vG..,E.H.sY./..D./.X..M........3...il3'..D.K.......y.....@"..[......%..M..1z<.....0}.k....w04......I&.G.D..k....I..C.jY.Y.g......~.)3.AU.....-c..Ev...g.....@..Qw........:....2V....[.E.....T.9J.-.....`.....d........3_..a...`..........D-..Q\.<....53..e.'%....;V.-....z..c..@..N...m).r...5H...JJ.}..RY..Co..5

          C:\ProgramData\USOShared\Logs\User\NotifyIcon.5f195b2a-2bc8-45ed-bad9-a6b5ad3627ee.1.etl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979221781504808
          Encrypted:false
          SSDEEP:
          MD5:12DFE5C8DD5195D46E5D8A829609E1C2
          SHA1:043D9AF31743D97A70141CE1B0E007AC8CC1606C
          SHA-256:BD40E4B742F0E26CA2B897485AC8D0A4FFF9680E63497B8438092FF0C82FB323
          SHA-512:D82C430FD813A7C281B7A794E93019AEC76AA18D5D3AC08FFB5245D2953F29C5C9BE04EC18AD4B7DCDE18E54A19A479DDB0A85F61DBEEC584559EB336BC06A05
          Malicious:false
          Reputation:low
          Preview:i....<.C..F..9U...x.C.)3.\..WC.G.t.aOm..n...s0.....;...K./i.........3Kw#`.K)..............H...;....7T^T..^...*.u...SS.s.... v.c...!........p.T.....Ws..^.Y.>..Fd{Ey..vH. *...@..pTd....U.7G.c.....m.F.5B3.5t....o.O.?...7......K.Z.q,....W.n..5..,.......M.N.t.3..L....zm.E..0g/.Q.....V..@.Q...3....~.=.S.KX.{^..F2.o.m...}k....Z4j@....."..........@..x.9MA..4ZPrja...sX][...;.=@..2:.A{. ..U.. ...B._..+.Sk.Y.N51]......4...ii...g...&'h.VA....G.......X.B;......o..)....O...~.i.T3.P!`....4.g.M..?.5.a...E!vrWK..o8.w=St.u"4..<....GPrQ..k@.#M..~....6..;.].k\.U..c....wr....g.......'T.2.P.f...t.8.xs7.'+.O.?.i.*$.T.<....U.~..^...a.or".0.\l/z5Q.oeb.a....3.^Q..T.....zZ~....?..X....N.6i<....+`..1.Ku.?p_..@.aJ.L.&......6..O1."....#e....eu...N..5$.._..e...W.F..Y6.`.,J..O..O..,c...c...!!..3t..i....v...........&. ."...m.~..'...3.j..(S>.Y"..j.;../.e....Ed..G.n..hB.. .\N4g..?l9....N....5.o,..E.....g7b1.g.U.I::.'.6..[6T......=7nX...2h.....1..a....W...(.g.....Z...NO.[.R

          C:\ProgramData\USOShared\Logs\User\NotifyIcon.8e789948-e940-4082-9746-2d7a2066ab63.1.etl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.976051309469271
          Encrypted:false
          SSDEEP:
          MD5:EDE08422CAA092D0C7B9C61844D42F6D
          SHA1:E7E71FFFB555AEAEDAF367AE22EDD7EA3ED82981
          SHA-256:E2B5690B518684594A904F5522961952AC7CD435E54660A48BA69E30DFE263F6
          SHA-512:7A1274722D07500B1162EBA3331242787A7050AE5C70969B833A227F6F534B2D26A8E4CE0280C25B587A91C2A254666ED6CA07F5D8F911A68E05D0252952809C
          Malicious:false
          Reputation:low
          Preview:...T,c.n;..no.7.F......Fsa.1.0l.......LDN.bI.w... ....j.0..xx..8.4r/.h.X.'.....!.b."*c.f.6NSzL.;..ixc..;M2q=..ys8io..(..X...*.."...i..z.eg..'.!..L..r.........Po\..G...~..yCm.7;..2....$......io.D.....?..m.... [9...7...@.1...S.J......)...:..)qNP.....%f.....f0....8. ...b..!..UD.$.$0..T..4.g.F..(+..w$.[t&+..`}B..X..c7!..^Sp......7v.8.. ......8.M....]&...q...eVH.:P6....@......GKa\...T.w.......z.?wk.:He...(.....'.fz\.h....;.^..g..&|..,*.....(...E.!?|.<.@'jp.N.v.........W...`.o.....%z....I.>.fI.......<..Q.....[.F........0..lc.d.P...Y.l.!eI...i.EP}.<.+U..A........./m.p.......^..........x.s<...@.s.gf.DE.$...H...(X.u..P..*.G...H..=.c.........BnD......!..\R.o.&...~|....X.pYQ..d..OO....ol......InM...g=.o.'...)..4.aF.(...^S.H{.....R...-ZCo...}.(..Io.^1.O$\....:.+.F(.A..E..-e.| .a..6_.@..%..9.z....I.u#h?n..<..%....;.j.s..8..n..H..H.;.l `.c_.k<R..0...x0.......v..uN..#:.NP....6....t[..<...F.(..3.Jn..|G<...h^.}}....:k...I{[ lP....].......0.r8...U*.

          C:\ProgramData\USOShared\Logs\User\NotifyIcon.efa2710a-e0e5-422b-bece-7acbee31df21.1.etl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.97626948306113
          Encrypted:false
          SSDEEP:
          MD5:8C93F067FAD81513ABB7BC9AB285CB70
          SHA1:53735154E12CEB97C0570A5E853E413EC9E7D686
          SHA-256:5EEAC0F8322C9F6C8AFF7900E079A287F0C59CB5956FA800B5925E78D1F7AE0A
          SHA-512:7CBD1D7D933E76BCF207155BC7FC37438A4A968ED9AE1CCB403787A996EE70711C57B4F55D2390F9904AA6CDA3D195AA3F41610C1AFF2A05F04FC55516D3B54F
          Malicious:false
          Reputation:low
          Preview:.k6hP.tH.X.n.?.....%.~...f[1V/.....e...9/.....P..|).qU.p.KN..Q.SP/..b..k.EL+..-...>...'.Ne..4.6.\.>|B.*..&..d..!....b.....5..A...Z..V..5../...MX.V;J<.Cq..{.......joK.k......h.5W..,..%3.^cQY]R.i7..N.?h...M&.J#(..........V2Y/.R...h.O\K....J@j....;...P..D.c;o....$.".lnC.T|..,.G.....&n......X..7......o.......b...EW.i;=mY.Q.I...Q>._.s.*........R.?JL...4.:[..,W..o...%n...q...QX.9.....4..r]..........`,}'.......o.S.S.z|....C..T.gFja...8*.3.WN...........}...........an9^......C.....uI.0.s5DBq@.V.pd.h......$..K7......J......v(.I.Q.(X.Y.....K{.mM....5.o*..,r.7.......\.k~\ao8..}....(...E...X[.).E~....[DU..N&..s>;N)..B.*).#ef/....;..?..._.i.-..W.....D..S..n.,g....n...2..%..y..t....r.*!.$...:YJ.8.y.c...Z.p1.V.t>......`W..`..C..+q.v.....zb...O.T;.a..v7/A......n..ob.......`=uw..(....).G.0hb.......8....2f......5a..#..=..D7.....b.F.+O.P.M...j..U.q.)w......(L..9...g>:f..VYg.....~j.N..Z....C.7.OZ...1.Drr..3.xh......V.......:3..p/c..._..9>....gUB...,....=.Js..

          C:\ProgramData\USOShared\Logs\User\NotifyIcon.f30561ce-d20f-44f0-98f0-0a2211dc7e26.1.etl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978228941617544
          Encrypted:false
          SSDEEP:
          MD5:B58694D156EFD3F5374F52BA1AA2D40E
          SHA1:5B9ADDC1D0A17122DC1D56EDE77D78D3FD25FB7B
          SHA-256:1D42097BAFEE42381448CF6AE508A218928A4695439907D05E1C115FAFF19CA1
          SHA-512:DDA1252BD2BA094B36C03D41CB9D509E6BDB7D2FA32B9F54F493BA331207C35EE8900193BB7F8E748EE660337CEA29611ED010B31FEEC24F80BCAE7E67CEA4FF
          Malicious:false
          Reputation:low
          Preview:..){.*8...yK.....C..P......J....7...K.W..h........?7..nIx...uC....6~n.r....G.<..C....)~9..L[.ut.......'Y.....AQ.._..w.....{..:.=.K;uhPu...0....r..8.M.5..Vr.7M.......qB.,.....%9e..:._b..].8........C3A..c.Uh.tyZ..%......u<...b.;....B.I........1.._^..G.t}...sw(j.Ub.....9..^...........gS.qu[....`F.Q^.kR..* ...+.E4..'..'.&.P.......>...m<l.*..>.J....y%;4...Y.U..Q).....F.s..."........;...tV..D...9..kM....G.&D..Q.V:..rB*.....6N18.!eD...1...........U.......$....R.4.......bgq.c.t^\0.`.a;eY)J...G..[...[.F..C.O..........eh...U~.....".c..m...|.$H-..F...x.....B.f.?.J.s..U...W..CD..<..O...-Dk.T..cv.O..>w.t.<.;(...K.d*.q.....i..d.v7D.Y....f.T....U.,.T.u.................x1......%..T..7.....C.{..Q..jRo.p...O..P......u.o.9....!.......zC...})U...:l. ...........(.9.&.A.%.7..'..C.5?A....&.'*..'`vd.S.D...<...T@;~`...i%..8.$.%..9......n..a...............s/.gI.......W....?J..G.t..?...eo<......z`,7p.... V2.!..A".M.....EY...x....0D....Q...-..1W.T.Xc|qH.K...me....RD!.

          C:\ProgramData\USOShared\Logs\User\NotifyIcon.f65bce6a-0c4c-4919-9083-c1fcd777e562.1.etl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.9814090617985585
          Encrypted:false
          SSDEEP:
          MD5:88117CDF7A636ADAFEAEE74EB357D6E9
          SHA1:54C00351D03DBF5645D3B8A12A491DCD35BA0E58
          SHA-256:9CD6A5460797F7CC9B8B05662EC80E569FDFC6768F39FBA71EB4B87E041E7795
          SHA-512:904CE661DD2F229E80386299802D7BF6EF6AF3EC3941EA87202338596363DB9C8FF04B47C3B0425D0D1FA62A9EB64278B9581110AD37362A3F6C2DC20E374898
          Malicious:false
          Reputation:low
          Preview:E.0.2aO`...;..Q..[{........`...'.iam.iZ.]0..T_.CL.R#.....O.3.....'=..9.VLA.....2../.A..F.of........@.N.*.d5.w..[.%=.k..k.=.:..hkx.N.5s]..Z.e...@.x.f......)...-....\F.I..N...(RX.*.E|:....j._.W8.R.`.*..lL..d...X..g.i?..!3.#....AE.n...P.,.M..+.22@Q...;.H..x0..X.............!.....}..P...&&......N..Yf...y...q....._j.B..ma.]..h4@(=?[V\@.3..!Q.{."...r..`7....g.`.A.......@KX...U.$.........9...|.i27....{.!b#.6Tl...6.k..b......$.3...gMr-Lc7Ua8._..1...Z.._..r..o..+*p^u..s..>U..*..o..1eK.C[..g..-.;.x..e/..Y.%Gk..-...+....vpf...o.......z<..F......8.d2.5/.....bq..i...(.rg..9(Bs..uw..r3K...3?...).....1!.A...^@.N.8h...M.8....P.......m..sU.........<L..=........0/ ..&.)..f.="}..[?..6.c;>.F.e/g~...*Q1.Y......4.3/. ..B..1j......J..I....cB]I204.H.....X.v...}\.p.{.9H........xP.G..H. .....:......8...?...]..........%@|7^.3....8.6z..5........m.rP[H.a.4#P[......+m.p...J...../.:G.6.l-....|.a.1.I..[.....2.L..K...^.......D.>...X+...`W_N1.H.....w.._...R....}EY

          C:\ProgramData\USOShared\Logs\User\NotifyIcon.fbf1ceaf-d675-4142-90db-686d3ec7ad3d.1.etl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.97882767677865
          Encrypted:false
          SSDEEP:
          MD5:AE57FB36A4AAEE3E1D067E6A4C0DA34E
          SHA1:6AC38D7AF723E28C7F6BCF0FE1E82E8F009D0773
          SHA-256:D513D0BF3F4856838067E2BEE76A26B249ED5B946C7626B4BEDF7330AC677145
          SHA-512:590B381BF1DBFAF850105971402AD66EF7A191E1790DF5EF12F16E91AA57FA9A9E04462D33007CC5CF7D283F01FC8BB5387854EF300EADEDC3FB4D7ECD6FFD47
          Malicious:false
          Reputation:low
          Preview:...N0.@..,.O...(.....C.W...Z.n.U....J..DF....U.... ....%lXU.FVk...G...iK..P..>G.......F).V=..ew...!.....8.7^U.EP+-./?Uk....d..m...0...^.:w.w.u..V.nN=.......Y@$k....?n6.....px.....^2...].(...1....@.I<.z$.!..F..m9.......H{.".+.IsJ.....is....r....1 .r....E"...,`H...t..X..;.v....'.D.Rv.8lN........ ..JC....{.p.oa+...=.*...S....Hp4..1..;9.x...9&Wh..2s..;B..TW.$D+......:$..w..s..)^W*..o...;_ ./.Q ..?.C...h{E..V........|.J..2M.*.]la..1.+A.vs..@...@...%.V.u..."v$..`.t......[j.+g...^..CC]Mr"....o..nJ......[mT......^c.+._i...<r.#...w.$.k/A..I..$..o..Iq.>....... .aj.f\.F.S...6.K.r9.Fh..........C'.Ah...`2D`;..{.^......X.......A..z..n.N+.!.U]..v...q..H..3.^1^h._D..n..A.qe6.......N.Gq.........'.l{dX.....N...8R...b.. ...|..Q.U.@.9..9."..6U.{..'i... ..S..2,......n.c^..|G..G..v@.w.k.p.....\.c...XXU.I>SW..'Q.~...`..w.|...p..?)....qx......y.U^.bA.}..1".i..+.Q.. .... .d.4uM..d..R..\...w_"......J`....D...%...L/..._.,..j.'mh.$Q.3.;.(VD(e.V&..h.U.MIh.EH

          C:\ProgramData\USOShared\Logs\User\NotifyIcon.ff950fa2-0d0a-4a64-acd9-0716f2fa9b9c.1.etl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.9781944148554
          Encrypted:false
          SSDEEP:
          MD5:90CC727A3633CAE90317AF0B298F3EDE
          SHA1:07FE6511804B6A8213A4F3D36D907A4EAFAB1574
          SHA-256:B8E9879C4FAD7A62592756933FCAEC7F6A66C6ADA8611C60A98E2BFC15616ADC
          SHA-512:9207B5F8ECC8E58FFD0D02A548058DDDA3C840C1D7FE1E135E32260DDDBA002A80299A7A43E4F0600FF37F001D18802C286D4B883A9794F64914766217B10B4F
          Malicious:false
          Reputation:low
          Preview:.......v7..h....$.\.S.`.Q5.$...n....w.9...#.=Y`P+:9..f.(..q4\t.:.%. .....g"d. Q....ZH.b.e.ZD...3...].`.X.......1B..*......3.N..j.%.%..wqd.<.On....._...#mjz.9!.B'.4..)..D.....Ni..Z.h..N...t......#...oS.]...)A....`x..*....h...w.....;..wSP....g .{s}~H$...7....)3...z.0T..@.<...T...1.K....K.n.P..z..k..M.p......x..)$.$.@.$#....%.I....l.....DZ...q=n.v....|..... JY...@?gv.)v*e._R.8.Uo).x;....y...Z.l.#%EQ%A. ..Z.4.=......QW..."..u[..Y..>z.%.........ev.W.p.K;^.~e^s\.|...r|..#..H!#._......y........O)~o.A..4.F../..K..xY.#.vn....(.[`.t.rP.'`..RZ..K6t.!xS.B..Qg...h.....V_.u.>..........u.H..i.blj...I@.+.....2nh8].U...L..g'.k...w.: ..*..4...qy.+.Y..j10u.......Sx[M...%LX....Y.R..j#.'..'..........[.%F...`O.....Ha~H.......="..E....-.R...p....>..:+.7...........\...<4O...?....i..s..*.......r.......4&.(b.......%f.W.Hl*.{...ed...-}l..^...,.Uu.R..{.8Y.........#.$.k..........!...9Zj...xL....+E......V...i) ..Fl.q.5.e....rG.&.o.j..v.[..M......)0.....c..p....bZ.ED..

          C:\Users\user\3D Objects\desktop.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):832
          Entropy (8bit):7.733583757784051
          Encrypted:false
          SSDEEP:
          MD5:6C676CD4A356C44BDCB8CECB8B635C7B
          SHA1:F29F1D87F2CBB41AA8F88DF88F7F2205DE4391CA
          SHA-256:10CA172D765CB7E28D89A4B43F8E027EBAC3812E667D432E6E93A0DFC4551844
          SHA-512:81F593D6517FB97D63205FAD6FD96A8A4649DDE897B4E44108C053E4F39DA2E71DF73756C36261004170E363FB2DFFE1DB18E2AD73E14AB706061ECE92FDE074
          Malicious:false
          Reputation:low
          Preview:.>...v...k.nF.:.{q|Z.@..'..wA...Q..(I...&....a&'.9E[]G.=7.`.7..V.=.ZZ.....yY...**b.7.~._...........5.JX.)S....:.^1.....&..(g.......B...R.9........1T..o;.<E........V....~vM..|!C.$...{RLW.^.+.....DY..q.Z]............[.6....]mAE(.....+8.Y..k...:....l....!..&..A...>...\3.....A.*.....|"...d89.0.+..1...e.h/.Ls.]#....(BMH.....c0....g..{....tw.@.......L..9.:.@..`......w..,Br......9.!..N.0..y.......K-].).gRg..Z...%Q.......x .1..X[.~......_.gy.....fcw.K.9...m...@...!.Q.[.iS.J`.a.....h....lY ...{n.^8(Q...b...Z.Aj.....iGx...x.?..HN.!...*Q.\.Zb|.....><C.9..*.....k..m......`...w...Q...;.....X%;>....;+.{BR_k..,...3.2.....??...|."..OH......m..jG.%......S~R........r.v...?...............'."$D.F'UL.l..=R.)......L..H..z......g....[...").1....t(.x.X...`...R.{...HY.!..n.1..!d.9.*.......d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\CURRENT.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):544
          Entropy (8bit):7.542158401776832
          Encrypted:false
          SSDEEP:
          MD5:5328B2AA197981A3548EBD109B3FE908
          SHA1:55E90181FA8963018BE2C24A99E0719A3CFD8C01
          SHA-256:128B281962F9E6111C3D6903EDD86489DFFCF58C62CFA05EE859CB67C27520BA
          SHA-512:BBCCA023D65121E6C143FFBEB4501888F8D1DFF032F67679BF659591B561DB0109E159BCA2596C280B6701CA1902613BA4C36EA3897E0DEFF61753ED645ABEC6
          Malicious:false
          Reputation:low
          Preview:nU.k..7x;.K....*...D.rx...>...=.d]...s.e.-f......,v{..-.............k.#....#.5*G....$eV^Z...A`..#..qiE..C5.Lv.X...jw..oRJ.ji..7.....>E.3~_...........L.....w......^=i.|T1......d.V.......&6-n[e6...[.J@...<M.>..UGD..S...#.}.l%.A.....(=.-.i......E \.p...L.=F..`..W..B./.r..NY.."..p-.n.@s.h....%D...Ie.......ZrC."......D.!s`....c\%M0...b...I..._.....1.`.....}..M.}._'.6e.7Xm0L.8.L...)o.y=f..:....<\...A\.....9[d.~S......p...&......\.2..w..yS......&.k..E...>...Gz9.hy{.I.o...c%.#&.z.D..X....\(e.....>0..*.........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):45584
          Entropy (8bit):7.995703598602094
          Encrypted:true
          SSDEEP:
          MD5:E0597150668348565E7DDB3471E9CF6C
          SHA1:A3B42EF9DF2607FCDE4EE8D4E30D8767B5A95EB6
          SHA-256:1DE0A9464F46CA035F0CABAD9F09645824154EC58B7DEE2141990866282FE17D
          SHA-512:397FBCBC4D4B6F261FB7FEF39928E55A63C3EAA78AD709EA3236DDF0244A81DB5E44F6D0EEDE374230C05175D0D6D15F6A1D98602F58B1E90FE9E0A51F799FFE
          Malicious:false
          Reputation:low
          Preview:..un.*...`.(...,......HyK.iC[...$&).DI..Q:....`.<^&...BvL.....prQ....V]...1..[.......H...xt..u...D`H`-,.;el...^<p"..r..W.",.;..JW....t.....j!.6...U\ ._}md..".......5.7p2bh..x.k'.6.q.........n.h.'..aZG..=.T...Rc...M...hn..A._....i..2..r<..I..a....|....=.M.O.3w^.6.e................y..W|...~nx.28.%...t....#...5..oD?.E[_>...Az..."w.n..C...[.h/.b....I.s.M..;j...Z..4^z......H.....N.y^.0...\.C......S5.'.FF...y..hy............-.j..fK....D..8`..b?m....^dc.a..-..6..u......}b&.X.cr..$.2....1V,..k.ZDH/.....,..r...mXP.X.".4.8...J.e..^s.....)......}.....wk..s..A...4.L....8....!..G%*.1.]..n..X.E.V..10...d.a_....V..+a...X..C.....8..^.X>yR......?......zp...S'..=.d.......!3...D..+..7M..|..c.T........+.HZ.....!.C.3.x..p.e.q.Zq:...!k.?i.+`.(.T./..h.M.O...9..I........@..o(..b......n......O...L..7.:.....c...).Vu../.r.`..V.=V.\...C..<.`9#.2n`j+..`z9.<..8J.O...E...$...$.H.P..p.u..+..,~.-.....@.G.>..g.....z....}......7P5......,..e..b2..a..h...h..l.g-.OU@.r#..oS...[H.|m..

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):270864
          Entropy (8bit):7.9994136066299015
          Encrypted:true
          SSDEEP:
          MD5:D64718CB324D4A5AEE66DE3FEF4635E8
          SHA1:EC106B2F2015FCB947ABFDC237BDCEECACA9485C
          SHA-256:020616C0CE3D9E3DE87FB624CA87CF36C4650A58E440AB574C46F5ED38B7AAE7
          SHA-512:2458C2740F1E4CC5E0ADCE2A3A6A5379923E7C14AE0C6CDCAEB3BA444FF69610CFA58EBD041FBD38E1BDDB04ECD48EF336DD2A578BFA5708F94FA9FCA7C00186
          Malicious:false
          Reputation:low
          Preview:...F. %".....U.f...?.N.4e.4...1..(..I..V..j.%4...>u.B.yV.@....!.......7.?...1.j.].\....C.+_.#s ..`S.....92.....)...*ih.......d!Eo7..../G..[..@..5$:tV*.@J+......i...8O....C..@.H.T.7.xsf.L`..2..g. ...{.....K..xVE....-.'..^.}..t.....i.5......7.,...[..CW..t..?..;"....HM..^_....m....B:}...X.U...bm.......l.7...nf_.li..<l\~...f.3bB...[x.x&'..2.....Yo..j.H....$.=]&.q..o.=y.i......W)...(.a.g..d11......wR.....?......{......8y....lL1V.6x....eg...:..k;R....R.K...ou.{..z.r70.]...Lj...2.L.k7.7...<Q;R..0../7.u.'....@e.7/......R.={......U..#.M..N!..5....]>........U."...c,.._).t..WR.j..a.4.Kx]sd........T.....m.k..[r(...z76..G.p..[7!.........{..s.......`9Av.(Q.........N..K.P7.d.J0..K...Zc6...>.?.y.3..W:p^x....b...nB.]....<...].~cq\.>a.}...".`.hW\I..f.I....\.-..6.hI...a......@"2.........3.a.....H.s....7OWo).B.u..,nw!..z.xj.Yg..i...q.).jh.........j..\^.[.WF6.......+\.d....zn*...Lt.mg._,C.2...`o......)i......<..T.0.6.O..).U$..m......31c.....[..T....d._..a.i...

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1057296
          Entropy (8bit):7.999845745653223
          Encrypted:true
          SSDEEP:
          MD5:4DB88FCA018291CA82233A7E34CC42E1
          SHA1:F8229E38E27357B5FA22F8D2007D9DA329F436B0
          SHA-256:A323535A742D6D68D418AA49C7FF7AA83303111E6F43841DD2A535A9E0586DAC
          SHA-512:E5EFF348B96FB3276DA6F850A4F7EB4021EA3D9B9770D65CAA1B53927BAAFBA3F53BAC6985B809279E830A174E2D95552B4CF63B8F93D175E958F3D40A8271C9
          Malicious:false
          Reputation:low
          Preview:...'....T@2...U/.^72Y........v...t$....4;..U2=kkt...Y....\KfX. ..N..$.@....}..|...3..p...I....."....g....`B{V7.nE.>:q4.B.....".......bV..t.q...(6.........;H..8.X...h......M.\.},.....<....kh.~?..$...o.0...fS...otb./.g._f.,h1..^|se..v7L..O..=..e.0.AO....5#...6.w..&..<[.G.}l?"M:.q..wI{..R.T.?.......:EU...y-..G0.....5.@.........K....0.D.......S....-.M..{.+....W.;..L.....S'.......N.~.;...b..]..y..Z.U...p...]........#._/...*.l..V..B..6...%8y..v...Fl.\".a,"0`2...%k.f.m.O...L.[..]..k.\..\../....>,..*4..........~.p3.Wbq.v1...1-...$.A.........:.-SS....{R..1..X..x0..h...>.-...m.....|..@.l...{6.X..s.\..@...0..}...i....+....uD....?....}J./F..W..ux>.b*.0%..!@<6...:'\...M.<B.Z..U_..:y\.........9!x.....<.}L..y..6...$$..i...<...o.....}..O.p.6.u...6/...|.|r..h.[).....9.~B....C8.+......9...Z.#.......N..:./.f.{..^......)...=).......m>.9..$.U..r.m@.1Z.....`.x.)...6......+.w=D.t...m..+...b.....g..?..lp.fu..$....~x...;..a<.5.d^.zU....c....`.b....t.q.U....

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):4203024
          Entropy (8bit):7.9999543253673675
          Encrypted:true
          SSDEEP:
          MD5:28DCAE245AC1D7D53B02E6817BC61ED0
          SHA1:A1D6F4CA2019684EBEA1C0464C0C4FB47A5DAF31
          SHA-256:2C3DB607C81DBDF86674B789D573E475B643D42327B706D8B4028FB6C82A4167
          SHA-512:6314834C122ACF49C9273FC7EABDACF73D75E9BDD3207EB104F7C19B7DD7683FA8A83B14EB248D8AB2985E190D3108AA23E6E5C19E0F827455A5E0B9C0C86696
          Malicious:false
          Reputation:low
          Preview:......\.(.J.#Q.1..y./...y....(N.[C.iXl.^.\.k......R/h..f.9G_+4{w..}....Y}.......W....&.?.,.....hGj.w.Z(........u..e..rS9...^s...)..v...,;h.&g........R....J.o....{.^.iqT.......t.".{!...m...I.>...g....L.e.......b......Egq.sQ.L.).B....N...&......-m...:..Q.l...,v...K...v...q.L...!?#.B..1R...}c.%Z?..=..b...>.(...rM)..K..5[w=.VB..."pY.~..*........'.h.o..bJ... .....N.!......~.z.Z._z.^......b'..W..w.f..% ...qgN...<..M^. ....O.}c#.;V.._.*.....6Q.....w.......I... ..d.....-.I....E.o"..9.`a..Q..F}.^...g..5&...a./.=9+R..zY:OY...U4.-P.._.E...7..:.._oT.I.\aw..8.3d*..w..U.uX-.....^.V3.~.....,.a...l.3Ai..N..{v/9..FV.vu.....S...T$.......d.M....|k....5.E..:e..r~..BbY.....C...Kq.=.#^....m{....`M.w. ..C.g.C.......6.......1,......y.I.nX+!....a....'...'.3<.......e..sK..wk...>0..?.k.\].^.r...1.<!.l1.TJ.e)....".#.y......Cm....u.:..z9.. ,D.w..NEr..{...`.d|C........i.X....~..x.N8..>.....k..v/H..)....r....eQ:.YK<..~.pR.{z...G.v....Ps..4."...rQm..CJ....$8.x./

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):525184
          Entropy (8bit):7.999685392032183
          Encrypted:true
          SSDEEP:
          MD5:3B0028BB3063F59B7AC63FFD5EF32617
          SHA1:EAE920D3D00CBF69D4ED2A2CDC4BB623E3777935
          SHA-256:075F1FAF0D75FE4E914DF956BC73AD57D52BA4990E8A72A714BF59FD37950005
          SHA-512:73A96EF14E59B36ADCAB02B68CABB964FA76A3CC4C312EB1ED72D4964396739345EBA13DF2FC4FA22B308DD0D225EC4D252AE343F592EFDBC9EDACB531E7076D
          Malicious:false
          Reputation:low
          Preview:V..P.S.0....]...Z}."o..i..`9.cZ...5..(U...q..|..8....j4...f..uo.....Sy^Kh.L.C..mS.. p.._.B0..b{Z..b.B.+#[.p..(\.S.2..|&E7vx.......zx.jH.J.I.g..0...Sp..>..."...A.R.@..X..y..XK ....O?.R...T........^.f.<...y.".q....V.L!Ut....j.#P....=....N.......L.`...cp!.C.pU....D..sF.....pr...,.]..I#o.h...$.....".....$.j.4-2.q....s2."/....),.KCiH%{0..M!.Y..cK...G..h.?b(......iAI/6.H ..jO.0 .,.:^...w..Ee.w..n..........Es...(j...E...|....Fm....q....*..R.@...T3..0....9 .....E./...k...BZ.B.u... j.b_YH..m\.........Y4...J.i..I.?..\6..q....BR.4.XS..nf..Z.t..*..H.d...F..z..}$.Oh.|@7...^1@..2y.%.S..OF..}s"..g6x....}......`.O.4.IF.Q.i....Y:......TO..aT.4..e{...[./G]I..{.:.{<...ek...o'.%lY...Y><c.iz.V.d..SZ..$_.Q.D.J...g[...N06..`C...x"=z:}y..b.y.t^u}Z...J.q9..}....m..23+..X8I....:.`.1..%(...?.....f.K..X^..W...K>..M.<c.-...~....]UGU....s.<.dD.3....g....5...Sb.`.....0...p=b...&.&<.i\p.@........;..'.........g?1..}`..J..)...3..Sh5t...:...*...x.H....S7.y..

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):736
          Entropy (8bit):7.665320047427708
          Encrypted:false
          SSDEEP:
          MD5:893DAC0ADB466ED18665AB428AB03621
          SHA1:7269359181A759E1617F7469D36AF6B8CB933B4D
          SHA-256:30C3FE7EFC41B52DABF4EF02029B7F633331EB707D62AA400FD6B65AFA77D3CA
          SHA-512:61ED0B9F70EAF14FD071DB215485001D75268B8BFF3826894133BB6B3D2C705CEF080C233E04DAAA60A9F80ED4302E15D66F144F2287AE7BD0BE5252133D2322
          Malicious:false
          Reputation:low
          Preview:..i...IU...<.D.)P..t..4.......8ATZ.|...G........m...?..{K..n.e.8D.....H..!........~mA........c...F.vW.x..S.g~..z/.O.;.4...?..ED)2.........8.E.._....e..zz.a...K3..2.17.........Hg.E..f.{X=..oe.`.....j.0.cyn=.X.v@Xe.l........Pe2...).Rf..<.].......T..Tbd...X.Fj.s.....6.T&..k..X..O.D~.'z5.J.O.<.%......|.g..?CG..`^N........e...]..l..g.!..p....77.{..$..^@C.]....].....m.V.............X....o~.m......AB....@...T?..../L&..C.C..........s..Vy8.}nC.'..(.gk.......2^.f=48A...._!~.$x.w...Y.W...\>....9..v.V..D5.X0...E{.w0E.J......l.8j.Lj=.....e..]..0d...Op..8.WF.&j....u..G:....?e..g.4B...z#@....i.:..9...U.h?".l.....Q....R.X$h..eG....Z..=.._2.}..:...T.L.C.G......6rp..B.S.b.k.iP.d.V.9...........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):704
          Entropy (8bit):7.647189827160831
          Encrypted:false
          SSDEEP:
          MD5:BED6629477CD93A6242FDD03B7681BB1
          SHA1:808E7557D949CE8F3FF26980C10836099C69C843
          SHA-256:6AACDB2F1407E100608C0CDD3849FB5C8C761A8B904977F1270C92A442D35D63
          SHA-512:8321CAA6F05480998224194455DC399A38593BBC723B6C29ABBFDE77651304FD17F9F0E165AB894ABEDAED5117A8050A15419BBF6A536C2A120E285FF88FE131
          Malicious:false
          Reputation:low
          Preview:N.f0.....&....B.....~n6p....>.%..vc .....ft.^..l.Y.m.B~.Q*..<.W..,Fu..D$R....3A.".....=].....<...'.$N..(. ....W.Z.Z.A.C...m.F..B...6.N..nm.....c.e.;....^/bq`........a....)....rL.....fXU.t9.Oe..^.S.1.3.YPv*..J(..b.v...)7...d..c...9m?U...@:.....l....Q....e..p........t..J.Vu..s,...$...`a..u.P.M..U..-<yBd..`.sg5...D;./.2.p.].E{3.o.O.'..`..2..J.........4..J.J...&.......W.......1+X.3vA......._....['I...k.%>..x....;...f.K.:.HB.^xm...[=.8I.k.{c67A.....,)3f.Ip.(93]...N...E.....9....w.l....l....S...{0...E..5....vZ.{[.....Q.g..dR.ajsne....O.C..=,.@.~.H.j.....r.....bI.s..s.R...^...F.p..F......`ZT*..je..1Ew......s.y$.....D+..?...-.X.....sY\1..J..g...:...>.........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):784
          Entropy (8bit):7.72024263173058
          Encrypted:false
          SSDEEP:
          MD5:2C5B99F8A9FEF3E7C52E0A161C2C24AD
          SHA1:82AA1B1BE94B27C03797B87FEAB8EB942C032C71
          SHA-256:7A5B25CDDA949760DF5F38DDF814E3151BDC1A49936DF9252B8D394579D91716
          SHA-512:810E75F831E6BB4779C1F5ECD0FFB09B8C9D9EF0472EED6A7EA59D99D8B2FD6C07AEE4BFC1ED5A89B53491CE64B2233EA75CF5A7B0F4F53951D07D795E48DB9F
          Malicious:false
          Reputation:low
          Preview:.#.M.h.V..(.._.=....|.1.I.-{........;jP.$..x.Q.iM.Uo@s.v..._4.%...........>..M...e%..3s.DrA..(....Nl.;.tc..`..V......8/....m<...4....b.h..Uj..l.0xY......]M..n.gB.$.....l`[.q...E.4.lE%t.N....]oz.:K9.......-.....g.5o.{...MN..]D..z`.....LRT...`nZ$......B^..dZ...I."|.~D.4.[ .`d...4....t?AC.B4.Z..f#.x3.:.._.nO. ^...^.U.....|..... k..2.U.....S:...6.....1..hn.7=.........[d.K4....I.q{f....g...@..r..6.D......L.....W....5.^^&hm..BXA.t...>.+3.....lR.......}..."..}kt.Hc......&.v9D..f.&..\9...e.79..5...$...cRU. !a....+K.u.dr.F_..I@....#..2.s.w2.3..C..p....y..4.I.2mrY....+..C..........q]....4W:L0d.|. .)......r........D.i}....)^kU&...ANS.-..zQ.M@.6)...*....y%..6.}...O'` Sf.`d.I..H..W..o..}....P....T..n.+...?..d.owz.u..>.iv..g..J.}........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.7181325600219255
          Encrypted:false
          SSDEEP:
          MD5:05002441272FB8FCE55789843F27B940
          SHA1:45A809AAB2D69104720CBE44975ED626793B9DAF
          SHA-256:44207549F04F28A3FF16847B14885166EEDE385F87471237081B1AE606FA9E62
          SHA-512:8C3A6016D286DB4734D322BC35366AC6BEAC50DBE2F4CB00FC87AD917C2938EB2634AD1E567BFC9BFEECC2AA6C84839A150C7569926344706FFE3A04FF14EBB4
          Malicious:false
          Reputation:low
          Preview:.0...M...W`.......y...d.FH...w...BGl'.V..`...7..E.Bt.iU}t.RPe.d..y........e.W..-)y....h`..#.x.^z.....y.%ly.......9.2.. .......yr...`...U.T.7O:...<]...e..Y7MZ.4.r.*C..u.E....+....PI.....7N.1R.~..u...Z...[gR1......um.t..L;.Yi...'3....L.#Fo.U..*.h?.~..e..r'...:u....5..!)c....:`.-);.....s.0...N..m.p...^.{YW....\%.j*.0..*$..{.N.....-.S..U.'mE.pq..nG.t..w.{E..@G5...._..rE(N=+x...hS..J.-......S2CE.._}...PF...l....a...-..5.e3...?.?......8.Aq.e...j..u<#S.......0n2...>0X.q".5..<.?D.;...#2.b,ii.d!...c.Hq.......`@Qh....n..m.J.1....S`..~CK...8H.q.r.......#...........H.k.Z.".g.p..W>....#..x(...:.....e.a[Q.S..WZ,Wa..3z..1=.g.B.K..'...[n...g....u.I.]Vy....,Z....0.........D./..Z$.v..5Vy..u\.......\.n.........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.696439899539566
          Encrypted:false
          SSDEEP:
          MD5:85CDA7DF66153A1DBFD61E848E277119
          SHA1:04B837430F1DB88845E42181FE1A6A4C29AF9CD9
          SHA-256:635872550DF9A35876754D6A27CA792DE071BD19DB3BC185C4547770F1E84E1B
          SHA-512:EDEC42A04223ACC6A11F86D5FD405C8DB2D1DCFA3DFEA2404F7DB7E7B49D5B7CFADFC131660E756105C50C332FF4B9AA8F5EDAE372EAF6B830B0160A0E6CC205
          Malicious:false
          Reputation:low
          Preview:/...!y;l.E..DU..R.u........k.|.mz#P....zB,3....k.v.R.Bv4"..RqQ..j.OQ]..PD.Oy.#...(e....2.]......S9x.v...i..c.yEy.E(....-.....3^c<..%..m.j..Se...].5..Mc.sK<.=x-.b.L....r..Z..,oQv....,..!.]_!...a.....-.....w..G.]..y....:.i5.aRv.a..%%..(..x>.x....)..r9.\.....0...ZF......(T..cF..$&^.{;..H{O..O...i.IxB.U.[..c}L.^?.jB..T.){.j.1,?...z.....v96-.WfM.X.:r....Oh.)..C (<>8.........S..... ..!$O.!.PZ.g.....7Z..<.F..............CIn,.f.Z.W.5yfV.Iq.....@P....\.7..z?..wh@\....Ev....!qe..S......U..P.Kq.(.F4.1..Q.....&t.....U....R.|5... w.<q7;.....`SX.:..>.E....t.[...to..,.W..\...\t.7E.*..W;+...Q6^b0..)K..j......=r.8.Z.:.J%D.l.. ..-0.;..O.Y...3Q!D.4.....&j..+1J..~6YUY%.qZ.. ...f....oa.j.b.r.8.3}c....}.........c...D.J........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.673126813848324
          Encrypted:false
          SSDEEP:
          MD5:E1210F9E539E4AB0C157D5A60FE97CFB
          SHA1:CF7E49ECB8268332FCA44DBBAAF759E8DCE18E57
          SHA-256:57837CCD033AFCAB212CEBDB7F058CD475E8478CE82D57C8A6FFFC3B2C3D35D5
          SHA-512:1DA28EE4962BE0DDF4B617554E392B214E122B9A6F677A987F1B8D9337830616B3632EB0F01D6C07AD60CDC4E9416901B90EBA15A61EB43BDFBD6B639BC4AE67
          Malicious:false
          Reputation:low
          Preview:.S.:..G.c.4".....=.}.<...M...>...x.?.GS...,.o4...8..+G1N7.._......(D..d.....G.....H.].....S..?:...Z..6.>j.4.....$UWD{..[.h+.IT..(.B<>.6......@............!..*...%7...`._.=...."....xg..N...3.ab[/N...;.e!......f..W...U]$....=7/.1...................8...T..f...O...o...O`#q.F...t6...b......A.~...D!05......._].....p...d....g"..m)..0.qGA.........P...n}..ft"...(.D.ks.$.&.?..V.~fxfH.@......PJ.{y.~.\.....9..=QZ.x..oM...t%9...Q...K....~.|..]CL%............{^..i..3.~......!9..Y.u|C.5JF.(..y\..<-....J.\.p....h..=N..eK....6.s..4T~.).g....0...%...#.>.H..-...f\..;............^.....IJ..`Q2;.<C.~....o6.:.R.|.-....<.I......Mw/...Vh.n4t..>f.1....h...jS.#U6..Sn.#.....-'..O.]On...V&..J@...8)..9...M.\d.h.}......3#..8...........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\28daa88523128699_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.700980938874256
          Encrypted:false
          SSDEEP:
          MD5:451F4395702A63B8E58D09BDC06A38D8
          SHA1:78491FD555AAF77E6D535E5F8409064BE2830419
          SHA-256:2D0FECA76DFC8B959BC32483EE38B3F6706722A7AEF3BF724B08FD5EF918BD7B
          SHA-512:9B3F1D650D5CEF671BEAA9965B1511832226EAC49726F07E1D673B30871C69E35C42A9A357728AE2E65F432B0461B355BD97C4772FEEA486AA214A50661C7D4E
          Malicious:false
          Reputation:low
          Preview:z......59..{c.f.*...'J.......(...T.....\.....].|.0..t...c..A.K; ..9qP......"):P3PWe.]...Q..3.Y.d....g.Q7...U.(..:....0.=.*G..R..U..W.&........@|.7N.....}-...{...&>9gX/.?..C..%!.5.^:...]FU..X..j.M.IY~..=I#...'..>.l..._.....C...)......Z.....X.z.W.|m..L......M.. .^..d....h..c..`J.3.".k..V..\...J:...Y"?..7F.... ...-... .g*............`P8.l.b.d.X|.u.......v..9;%..q..+...,...K.;.=......x....!T8..b.S.._.r...-..z....6..../M.@s..T%....+.*........5.g..,O....KS.........SJ.....X...=&.+...u.U...E.q.p.0.)`..S./d...r1........t.2.....~}.cL=...s@s.}.S..}39Yj...z.T..8.4C..\j..4...#...o..^...bs/..C. ...>.*.>..yf"....N,...i..'.+x...c.0....fy..B~.=.".....8.P..!..Q..P._wV..,.....W9.nJ.Y....-Ry.^I..S.GWg'p........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):720
          Entropy (8bit):7.647579541534326
          Encrypted:false
          SSDEEP:
          MD5:476E49E92DCA321FB46DD6A740531DE2
          SHA1:5B4A56782A4B57AF7B1633BE62659D185AAC9012
          SHA-256:B31677D2D34BCC77A0D0FBA8214874FC482E67AC13AD4107457D35F85F140463
          SHA-512:CE504B889FADD840E595642F23EA87CEEB88A3034F7D0161EAF555D3650E092A4FF2F689A46969350261BF4AB553C196E0A14D083428F03D31629F88C4708E8C
          Malicious:false
          Reputation:low
          Preview:.+.*...O_.J N.3=....I.I....;.<.UD.-o.....}.V..~.y.!...t.D..'\.Y.6I...%..Y.....r..{].:E.....J...-.3{.J.....e.\w./....I...0!.O.0.V.d.....K......&.!.>...9.r..5...q.b.i.....6.,.w...l.0..E;fX.z_.3.|.;qM1...I....u..jD....I...E.;...DM.G.IV.k..;...a.,fg..|X.q.w.O%*..5.r-.3..,w<Q. D.v<..>..}.B.\.dXAT.P.#Nm.g....-D..../...N....{.B.r8..R.f.~t....E..9..6....Z....O.......x....N.q.....7.e....,.L.W...s..t.;...>}..B.....+...Y...I.K~.Oezu.........,-......PS2...JQ!.Z8.T3`q6..sN...7+.a.......E...`Q.Er..I.+...3....i.T...._..ii...oC.^........ ...{.q!.....5.#.._h)..o.<..........*...............8Zd.W.d....P..:#.9.....f.N..~(......r=U.G&`......w..W`.^jV..(wgc..`.|.....|.#.....n..OO..............d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):720
          Entropy (8bit):7.707750786990421
          Encrypted:false
          SSDEEP:
          MD5:1A2ED23516B1214611164EE029A8EC96
          SHA1:3F22911318C02E0FE1A0A3552D2B61CE1756237E
          SHA-256:93473E92A43108BFDEAF0484EA1D345E2EC590484937077EAB4D0C5391CFBA1A
          SHA-512:2A915F59D5E7A6B6B4FCF3D869E86C0CC20CA6980D0FD032E9FE187F3542B9707579006593C0A7143A3F9452A988E10E7EB12E594DE7BB12790768B0CE9787AC
          Malicious:false
          Reputation:low
          Preview:E...{2..C.(..._..:..Mh4..Qn.W..M.........Q.|3B],.........5).Q...U.X...yC9vFW.....0..>..X.C..^..q.D.ISCVU..J0..<O.'.;s..8.<....Fv........X..*P..Pk..pS...7..f........b.p.w.^....M..hnEO... '..eW.=\^M..W...y..Q.h.h...2.>`.|.O..]..q^.oT....U.E..2.....U.<-.c?.....0.[.7.2..0..gK...q..eJ..m..eZI..?..D......x....3..Y......d.\.....z.a.......z..c]...l..Keg$@...L.S._...E3.?....h.*..3=.)=}.KU.....[{j.......7K.......A.....}a%8C.).&.x..5.......X..o...@...X....wt..cr].5K...~E..R..s......0.Ei..L.jn.~.[.R.K...Z...#|..Yy..*.Y..N!.zGV........./].O.N.C....V.NRY.M/...6...7J:..I.b...C1ti:....f...$7...Nv.J..3w...a}..:...A........z..B2..E..... W.q...L...T.J..'9..y.P..3.8M..I/.+..........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4ca3cb58378aaa3f_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.690850329399762
          Encrypted:false
          SSDEEP:
          MD5:10878304CB63322CB221E2B11B4E231C
          SHA1:0B03DA3EF62F087A7543F1837DC6046B80EE0E21
          SHA-256:E35EC6241FFA4539D1449A58253FB785349BB92DDBD2257C1EAB44BEF3C509B7
          SHA-512:EE989E3361D91021D20BAC7AF8C2288B13C192B0BB35ED74B36867222FB79C7F360DE05368A90D0571A28FB49EF102E3FA42C64FDBA99AB375A6F591180BB461
          Malicious:false
          Reputation:low
          Preview:.D.....X.k,.d..8..P.(.....O..]O[..!...ho....<O....jq<y..vb8!...WX....2j.NI....y.qQ.@.......f..bM*.`...z....$.e5.........?6.......c..o.h...j*..G......6p....D.._Ykc.b......p..d#.D..D.u.....9.+.o....._6s>......q.g}.SF.:...YQ.l.%cn4.Y&.|.).$.V[.xZ.o<...t..X...:...{.....yZ.c........eU.."..G...5..2...$..6.JO..6..G.QQ.Z.......9I.........f..d...E...\u._9.+.\A.!...E..F.a..Vc.p.\.....E.eW#.F....x.-....{.&dv.y..?.z.~#.{..`1`i......G.e|.....1F..v.h...;x..x....)r..s....n..KU.$WH...vi.{..n`.1.(4a.....ok.G%4.~..G..k.d.~G.V.)IY.....B*.!...1p.0j..iV.h.M\.).U......R.5.....&....a3.j...;~.........N.e.... .{.=j.U)..&.9.7.S.X..*n.......]'...K;.......(.+5e.&..Y.-../.....=..(,...B.5y..WmMA9.J....R$:............d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):720
          Entropy (8bit):7.671961810164673
          Encrypted:false
          SSDEEP:
          MD5:7BE06182A753ECFFF79549C8157B4DFA
          SHA1:6EF648783A90D1BA9716F080D5A5982F58CAA2F2
          SHA-256:1B21910130D21492423F44F1F278D75C30C8301D5A50A199930CC0A112461E60
          SHA-512:A6413DF80050B8192DD8E01D4D3619F552A323E7AF9199381D1E008EC440225C9D280810449AF1CD930676E47D238A0673F6050BDA44D9BD017BD681F147835A
          Malicious:false
          Reputation:low
          Preview:g......u.....,MJ....*c..e.c.5`.`s`G.M...U.Xp...........N/.A......0..>..;&T.p....U...X.v..?]..k..Glk..D..#..k{z.j......T.W.A..[>y..-.=t.^$..Ew.....f..B...T.E+d..R..=/xKp.....!.}K...3<.rKl....=...._........n.....)..n...V....].....k....z...U.\......{....27y.o.c..[t.O'..k...[....,1.@(59.z.&..1.)....\.r=......^;.'._........q...F..0..{ ...%..\J....0.....l.b..../.3@.1o....y..B....&l<r.>.';.8.a-..{.<>..5......s..Kzz.$'SQ..D..._.mz..e.3...v.!.V.u.u..p.....X.'_m..#...R}...D..M.66S)...%8.,;(.Y-.?s2.B^z.sm@.w.....x...0.,..k..',T0.......%.*.....X}.{..!.9....\k.E=.....e?.......7...O.$.oLVR..4.)&..0.....Z..Vc.iE2.!8?J...6.m....=..D.7(...r.'.../.1N.J....s.c."`..)aD........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):784
          Entropy (8bit):7.704026243247208
          Encrypted:false
          SSDEEP:
          MD5:257498E8BB9FAA5EDB2B9E2ECA387E9C
          SHA1:5E00FCAC38BA07B5121E7D9CA53D292CD679B741
          SHA-256:B9EB32E6D516DCCD2217931BA5D2F94570A1C0557F6E7CF6C6596B325FC500FA
          SHA-512:937AE27AF97BB7735EA66E1D439876ED4B584BF6EBF7DD31A9F91DA6AADDBA25AE803A5C30EB5F3E2E8D37AD73CF44D622C244B2351E3AAB60FA2F4858A343B0
          Malicious:false
          Reputation:low
          Preview:R.x../%..,........<C._!.&...?-...k...:..Ej..hj@.....5..UN...C..'s..$..Y.U.`.R..D.)e....X..B...W6/.z Ay.LK.E...~...e}...1...uW...a+.X......`.Jx....!.)..6..e/-p.@....|..$g..9....O.ZC4.....Q`4..................s../G|m.."....?.n..x(."H8....<.u>+Rf..H*Z.%.\wq8.....K.W.(.MiXg.........+hd.S]...d.#.....L.B..w...u.......Kw...!..[Q..].D.Q.b.Xwq..X.d.....}.K....O.F...7N.M.7.7m..s..U.).4{.A].M.v.$.\..j..#F.....pZ......q..*.;.[.W.s.Ve......,....n.,....Js3...m(..7]h...R..x"...u..0..6...o..&..,[...|PG;..K........W(.$PR.....u.UP.*..%..-4.`.'...Z..4.4..2........P+..9.F.%..A........p.hp4.q..>....O5...,r..k........wDB.....y&.k..-......O..w...w.a_..L^.(1..w..e...Um.U!!?...;L....B........}.iQ....Q.[+.../q....O(.Dqg+......x..3.....(.<>3.+/o.:.{*,........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\64766d63a539c3ca_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.692749453632994
          Encrypted:false
          SSDEEP:
          MD5:24F1066044998241F3340EC2699408F4
          SHA1:D85113C230DAD3F38D574887EF5A325401169E4F
          SHA-256:2B84CD3E34629C0960BD42417D50932EAF388EB6388BB3AA64D56BA1F54F34D5
          SHA-512:3A53B065FC8B36A1D90D295316F1C4596A2C2BFBFF01A1F2DA8CFDE881BC7556E78DC63BC6E6A4366224AB1BC104AE8FCBAB2797437EA34F23DA8974F7986A8C
          Malicious:false
          Reputation:low
          Preview:.9..4(..w..Uns.._E... ..2C..Z.k...D|.../.........ch.D...h....Y.It.....=aV)..R..p.s.A./X.....c..L.._qI.h6A.e..j.G.'..C..........}.Z..A.uG.....pn...Q:..s...A...sD..+...$.2.7J&Nvx..@[.s.T>..D..x._|.....z."w.xH......j.Y....N^). ....=.{..a+.....aI.).[h.........d.l....Y..Vk.V>.6Y..?...@...l.qI.M.a.hIr..eV4..G...5.M.:M%~......\.#.U../wy6`~w...(^..3..G3)..-.....:`...l.7].w\.%.@W.f.<M3..).h5.j........./2......o........=.z.i..y\..V....f.....E..v.... .W^...P.{........i..<...;..".5..W.N.v36z=.*..U..b....#C}..j........]....i?..N8|'.v..W..../..%.........Mo^...2`;._......d.%....L.A..O.;.0..z.Ow..C.........6....o.0i7..Z.f.U.4.../.i..<....*..@K..|.u...nh....t.....LE.W.@...q.V.x.%...-.I....l....o ..B.,.B#yQ.........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.719220120173147
          Encrypted:false
          SSDEEP:
          MD5:B5458CE0AFFD4FCBD67DED87E9EDB8C0
          SHA1:50B6DDD095C2695ADC92CF3816DE3D3F17FD1EBC
          SHA-256:EF49A6527F9AE059E1A336050EA189D1E3505C7E0B295C83793A66239D59C7C8
          SHA-512:FC8F200462B40D82F6060E16095EDECAD0C267F58EF14CDB1DDF914FF3BDB12978A4BA711EC43EC1563B06631B9D7332BB2EAE491118BFC24EE172D2B11F66F5
          Malicious:false
          Reputation:low
          Preview:;...d*.N.v.S).W....<...1..B@.`.?....(C...la]\..;`...<I..!..`.9..L....(..I.5.(...r.?..)..@.dy.|...).K.^.1.JC..b.S.a....+.%(i.".U.9..|F7.......x.+..............$oB^k...(.'GxBh..ZH.I..A..g...s.5r.4.....c.A.:Q6.Jt..a9n...d...h*2L..cYA.....w_.q.O..+.J..2A..s.`^.H....ZPm|$I...`>.+.9fW.. ..{.6S..,3..S*D...U....]..*da.S...A....9p..o...m..u...R.y6..t...c..=.R..r.w.....c.n.P..A.Co....i..qo......'l...F..UP...".7..J.r.e.3....m.,F.M|..X......Cu... .*.....U..>.....K..n.i....Uw..d@.Gu.g.*...p..$.2r..k.J..._.....V....l.}...LD..;.....".&L^-.?...x....H}.=y..^.....+.Z.....b1,..xf.y...\N.g.Z.....1`._.4..S..-.../w...f).t.Q......I.n%..z...T.3...C..9..X8.~.. p...0..C,..!...C{...>...}k...:...&b.S2........K...(........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):736
          Entropy (8bit):7.701504797630424
          Encrypted:false
          SSDEEP:
          MD5:6491C523D7C65EA57A5E05D50B0D0D02
          SHA1:01845E0D227EFB4E6F0A3E89B364ADB928120766
          SHA-256:82B60A8BBA1C230B2BCCA466167491D63F8725BA07ACF08D69F188C2A398E653
          SHA-512:354FC41DF894C7F92F63A8234C80F3D6CF3D242C5BC4EDDDCB55FC836180E916507D42696929E6B18383DD3C02B35305F49E100461FBB29D0D88C9F02088E02E
          Malicious:false
          Reputation:low
          Preview:.w..4t?n.t..|..&j....;e...0W0.<...V.CW..Q..........U...,.5.&..Tn+....LE..F...1.}He..u._.....N\.....8BT...Sd1..\.%y!a.;.H....,.lr...q.B%.p-.....9u..Xbj5 U8K.......s...@f.....v+.?....4.....;..:........;.....Ps.^P.7..P...B..1.p.<.>_...".@.$..X.l..../...]>.)...............5e.&Y8..n..;5.2...m....S..o....K..6..b)o..+.>.9E.d8Z.K.z.......(6...hY..s..xE..e.b...Aw....].l/.-.#..%{.ns 5.~...v6..b..`.!f..XXOi ..Mt.R..Z7P/.-...W].u..T+8a...........U.....ap.W...i...Z..P<.3f..~x....uU.....f6.v..uy ..oE...!....4.....9.W....a..^n]....w;....$..K."x.W.:.R..mTG.....L.4|......PT.6.1..w.n:e.^.?.4-,%>..B|..\...d....0....@.W....p....\.ET.S......s.M..,3N{H.... ......rp.?R;JQ.+.<q6.+.V.]+s..pd..}..D.........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.69816798994798
          Encrypted:false
          SSDEEP:
          MD5:61E9C7F6EF0BD2D8C502A97657984A7F
          SHA1:A7924045396E8B51BA1D74FF4F6FA8745B6D0913
          SHA-256:FE89131B61D7D832338D032A683FF2544195D7A261E02646AEFC08113931D39A
          SHA-512:639D307058C6320C1EF826AAFBF9F1D2F2D6F11A45F837C79AFABE55F0500F0D518256AC66DE39CCC64F28E6A53BFC8E82B37C308A5F8EA982CBA370E039416C
          Malicious:false
          Reputation:low
          Preview:..Yj=qJ.M.....4".]1z.)N..E8..9.h...-J.>.j.F|.?}.[.c&.z.m......X........r.... .(#7?.qv.)f..f..0l>....a......G..K.}hr...KT.w...,,.a....Ig..^."9.|...w..s{..?.U..8...>A!....)X.d...].........g.r@G..).r..7.&5.......C.-f..7.l.U.`...A.G.n...s....I#./......A.......v&...or..#.+8%l..A..*....;...T<@w....S./e{.....L.<.L.....d.D...6.6..8.UC..$.ui.&.TX.B...R..o.\X.._%.......>B>....C..8.;.".@2.W...)59K.n. .....G... .....H...v......U...fg.q.?\..h....{....u6W^...... p...KT.M.a..3.G....4(.+}q..,.=.....K..F.9E#.,1.$...T..G...Y.....1 rpb{b....._.'.?.b. .4G..7.&. M)...k.....f..y....Cp*..4#.Y.S".N.{...i.K(G...,.h......S..K.Z."..).@l.dPy..OsP^.L.Tb;...-.Bda..u...$.{.w.......~#...Y5 ~..<.`..l..h../R.2.f..........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\72d9f526d2e2e7c8_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):768
          Entropy (8bit):7.701062490136974
          Encrypted:false
          SSDEEP:
          MD5:15968A9A0BAEEE6E5F798B781B2E2DDB
          SHA1:605E5AD31F1E2FAD0E9195E183B43DF84C142FD0
          SHA-256:71AEF2F3647C4F297BDBA04474A847A8FDF7981298BD517AB49447B5FD329E49
          SHA-512:03EB2D8E5987BDDFB2F1DCB1FB5EF2967B7CA31A154467BA50F9C3386FDF8D54ED15951932A94DB4AEA20A171320468A4F29EEDD74F46D0AE7E0D77359371D4A
          Malicious:false
          Reputation:low
          Preview:.....l....2D N..d.+......l1d>.B..ja..!.c?(l.........J.s32..a.UumY.C.=Yr....B........&.%...........^5.v...;v.W\#.5.....d.P.D..*..XPk..g.............!`....z..#%8l........@V..zJ..>..$.w.R<PH...MZYF....S.... ..>I..8.....0.....XG(..!0P.l."Pu..ib.-..#..KH..).U...-.......F5.vC{.l......k....pT.r.fl+/<.7..q2+..n..m/Cl...^.hrx......+..R..(......C.....z..-(1.4p..r.M.X..6...M...EQ..q4W.IC.....M...MF'=W.9...k.P...VP?.4..<..".=+.b.....GS{..6.8..U.?..T.....c..O..u@...7.,....y.\.c..j^...J:D......\..;...1p.o...}...*.........qt.h{.?.{.^....0"..l......._.}.K."e|..@...F...c..8j...9..P.tYT..B..(...Nd5.../...f.....)....h...}~+.oB.g..9.v!..-.*^.....3....$I-m...E...[.W.U@__{...'..D...r..pX5...@{...4V..........-D...........=.s.7..8U........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\78bff3512887b83d_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.680979542112322
          Encrypted:false
          SSDEEP:
          MD5:92B9DC78D6D179E12BAB5316779D4F56
          SHA1:6D55C62027E207DA42200D4FC2F86A978D8E377B
          SHA-256:B7C6994E92197D8D041DC5A166069B6E7C9AB19EBC01619CB3F544690C32D128
          SHA-512:911898EBAABF28BF82943BAAD8D449E50D70631C7E7A77CE8BE156C2558C0EC6E6E04219EC3DD638A944BCD261F64A623C380918A40F96C01BA5F59221153D69
          Malicious:false
          Reputation:low
          Preview:li.g$.p..B..!.L..anL......%[.C.....Gp..Gs...........#(......gHl.h..].`}m.......a.4^....O~\.a|Tz......9.'.....Z...T....4n.YA....<,5_/.zD....1..`...(^...W\!`b..#.*^..C.X.Z..ddF..k/....}48.L..l.)\.c..4Z.$..rDl...^.0..'.....W...%..8......?e.2n....m...5.s.VLL!..._K.....'...Kdp{....<....:.C..e.j....YYOYh9.c."c@..$....C...'...^.L.X]..g$e.s.;...m.'Mc...T2F.'..}..o\.jx.*..!.....O.R..F.G....u...u.......x..P.s....F.m..(V.j......W...V-..........=M[.3Zg......Vs..Q....|^[....(...9.....>........d.E..c.N].x\.Hhx.?;.D.f.t...\(`..................a.-..V....u.H...U.EJ..RK.o..(E.q......,zA....m....0w...&.l&....8.)p....DR.'.Q....w.E.w..<G.!V.x...(el..V..2..O..x.'5'.J......j.{..@......C[.-T.9....e.c..............d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):736
          Entropy (8bit):7.696212740570092
          Encrypted:false
          SSDEEP:
          MD5:D9E27B165EED8E928DFB3F0D7A5F3B0F
          SHA1:D5F830709539D06BB1F03E8DEBEA712C019F905A
          SHA-256:BD5B1FFD73D2D94C1354FC04783AA06B04371DCF3B8A50B50E8B5157C566E55A
          SHA-512:313CCABCEC3B23F0BF04991ED7B94E68DBC09EB2A97FF89AE8F5BADDA6831FE5BA161C272096E0BCDF84AFF8469E3BE5A184262B673C1BD637C9E7F0F977FBC1
          Malicious:false
          Reputation:low
          Preview:... ..[n`.p{M.|7^.....*o<eq.b..6,5.x..b.,.%..qDac[71..U.....~...".."....)@uf..5.w...+s.....O..3.*..|.....3..8[.UN..5..U....q....jk....f.5 ......g;..a.~..}....)......cuG..U...).c...Y....M"...|...w..F.c._./....Z.?..[..B.?^.LN..:...{.N..b.n.ir...D*.-vSm.U..9...Lb.`.c....`..].?....._..6...~. .....h^aM.........9t...M..)%^._o......r;...pT....)....s.>."..j..nV....o ......:Cs...H..c....FB..2.x...(^1..R-.+t*......:.!.7.o.PU..%2z.+.._qd....Yj@.l......k...=..R..N.....K2.../m..QU.\.~..{.......`S.J...DI.....>.....G.uA_o...J..........>.n@dI..Z.-'.....=.gN.#...h...U.xwG}y../e.....h?.F....2a.....;...z...PR....[..a1..01.g&.r.dQ..,u.>.....z.?m;|2.Z.E#j.4.Z0V..._R.d....n.....u.-|*.@wcAB.k.........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.7064688887235215
          Encrypted:false
          SSDEEP:
          MD5:BEDE40E53ECB2F840F37A3E31F241EF3
          SHA1:D7171DF8BAB01070B8251F7CE762312D617B6775
          SHA-256:F04105AD7DFDEA203E04E1573722D89FD741627EBC465218221431AF41A09275
          SHA-512:9BBA7320C5EC2329729C6C3021F7ED74685DC3EE42CF34AAE3B6314EC1CE1E0CF25949E58468FE5EF7A530D1E582E8C1062A471D587A07C5C255CF5FB27BE4F4
          Malicious:false
          Reputation:low
          Preview:.gE.f.T.HU..dz....6;Eq....w.|Q.*a........i...b.^Z........}....3.F'..bMY....@.....~r..~'...r.{(^.h. %..X.`.{.8..n...N.....^.^r.........V3....R..%B.^.kG...@G..s&,;?.... outu.z.~.\>{. .L....-.w.-o8.8s..1........Q..8...QRv.p.~.........W.D....e..,.".E.........7..Cx:.&.\.`g.'b..-..<........=V.4..O.I.4...YW..W.R......A..K...?.\..51X.3...Xl....-.0.8..$.F.2....0SH........[...|..r.[w....P.P.;.J.l.=.y....7..&~`6t8.^.....=+IY...o....0.pio[.\..z.QW..oe..P3...0f..r.Z.}.....;..,.q.........ZP...RTQ_.K...+*.A.Q....vt....d.>..{.U....!:.%=.8.9dR<.....?.]..". .4^.)3.;4...".}..*..O......V.:.L..]"._.=....Y/...........U...Z'...>.GgG.........yCU.$N.|.4..xE.r}.+.7.N...S.x..kI.a..K...?....ue.l.]....5JNT.I<l.........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):768
          Entropy (8bit):7.679657179380684
          Encrypted:false
          SSDEEP:
          MD5:FC847D2427ED3E3A1ACC73BAADBF252A
          SHA1:4BD19C6FBD4EA85AF1224E2C6DE8C8EFC6A60561
          SHA-256:FC5B6FB79CEEE2CFC5C2AFBCCF3F311A59A1D53C7C3143D76FD424F763D7CBBB
          SHA-512:7C78B8D90D2E042E29BE2526982C2FAC88C739A7B7842E4106FA9DBBCE8FBE13169239236DCE045BADCA601AE572810449734FC0D361E6376F1F149AA233648A
          Malicious:false
          Reputation:low
          Preview:%..Fp.B..X..^X}-Da...D.-.rDI.'[#....=u.0Y.U,.:....#.rn..B<.s.......:.v.A.O..}'..w;...-......;:.;$..Z..]I,\m.*..x.;\$18.F.i.....m5.nI}j.........>Q...?.g.XP.:$..t./.......h..#....Y.-.i........EyC?.uj...-f/....Y...n..C .Z./\..MZ..6..C..,.X.T'Q.\l..(I...qw|.x...h....b.!..g...1...Q.5h*......i(.8..l{i...ou....(u.G.C.....(...sXN/.bf_."h.rt..}j.zS>7.....8.Z...#YA.....$.!...l.E.V.F...~.N....D....$..{^...[..%d.{...E.Y.gU.w..+...C~........B8...-..$.rR..b...P.:.b|^.E.....mX.D.1.@.xz......~+N.4\\!.=3t.45.....0J.0>..y.!Flj.IU..>.B2.).H..+.K..]|.D_....>.....7.~.J )^...t`.T..M 8yA.HN...zZO.'...#...q.7I..G.#B.n..HDj8K...8...'.._.d.....wF..R.=)..x.W.N4....n..."oY......s...G......4[..D.."MV...45.C.>OC?.:+.26[. ..C<h..2x.Cr3..,M..A...........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):720
          Entropy (8bit):7.679167018863664
          Encrypted:false
          SSDEEP:
          MD5:82C40BEA734A0D7DF65422D11669CB2A
          SHA1:31DE89061675A4904D05AE9DA2419C71ED8F6647
          SHA-256:3912ECB22EC7861CD75FB9BCABB8E77924F8C899B3EA795D881FFE7025D3DFE6
          SHA-512:3D4519CB269991B5D56ED97784570B23400AB62590F45DC9F9FAFD6E23D7A88EF35D2116EA3ECE5431DADFE11CA875AEFC5C532F47251C164EB5ADE41762D49F
          Malicious:false
          Reputation:low
          Preview:.'... ..,.\....5Y...z.H?....N.{yt....|"}..k.i.......m*k.n.e|..G.y.j$...4u../1...$...{?./.dT......t.&.q-.I....bI....)e.t.yCs....b...\..)K.G.Ip...1O.p..-......le.a.}1....F...8..n...<...-.O..o.....pKl...W..>..E'....N.5..U.(...w...v...K...-./......2.b.C.G./.7'.F..k.................w.....3'.c.....F...hu. ..w..}.c1.O]...: ...i....*MuH..u..C.5.tx.y.......? ...V>..d.#g)yX.......b.O...2Mi.-.K.....&..9Y.....+....?Q.wB...G...D....6...26..:..H9.N6.x..#..h4Z..8.+.....nD.k ..zI.....hr..@.@..n....b..8!."..%.....}....R....f..{.fE..X.X.1...q..@#....+R...F..#.:y.,..r"......<.L1.d.m....F.......K..|.G.m......~L.E~..f..H..CX.....~..|.D..%C...R.a...!.g..U....P..C....[..T.........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):736
          Entropy (8bit):7.7141526275170085
          Encrypted:false
          SSDEEP:
          MD5:2C2082CA3AED8E3ED828FFDF180BEF3D
          SHA1:AA381421D0442F0B7ACC3C2D698D54D0E7E36236
          SHA-256:4D60B88678DDE3ADA7B7ECD02141F56BE38169A1A5F5B441F24621AEE75E6523
          SHA-512:95EE713E9370F8596C8D5B6955CFB8514EB98B90AB3A530A1031C21F77FC00100FCDE77A53B40506C1FF125A2925BE8108D9AFE51CB1FAA76265372CB8725E7E
          Malicious:false
          Reputation:low
          Preview:J!:'..1.9R...HZ...e..2..3-..&...e4..-.XR|....?...r.Q.....y....g.r...Y%E'&G=.......WCR....P.<..k..^......F...=i~57..4zX.<..^Ce...B*...V[4).MX.|.|.Am....q.....t....K..wH...Q.....f.X.....@g.8Z.L;.c....X.C$.......M.d.b..u.3.{4..Kv.5.U.b).v8zD....`u...HEj3i..%.K=.....cA..Q~..dq...T...1...c..1/{..`tQ.H..l..1.E..i<{.Ze.q..]_tz.-..w..Dd...v.lMu.....!.........Nf.8..|.}..r.G...D).....!.p.%zS.Y..Q..l.P'..pc...M..2....d.4....w..i...W.j...P.........Y...=M.O..R.#f.`..F..Q.Q..2....B.-..g..._....m..............\.?.Y.a.O~I..d.;c...].|?....S.f...;&t...s.;,..o.e.....v.}.D..y/...a.w....L'1...l...zg...2.-'..U..X.F.L7.;...D..fD...1c../..#.........1.nF..@.S.K......X9.$B6.i]FP.,.>..9......5R.+9.-&.-.........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.721980528248454
          Encrypted:false
          SSDEEP:
          MD5:D65C0A2575052E1A897E5E0ADB3B0010
          SHA1:254F801494905B873F6C87520AB25FE37419342B
          SHA-256:3B9A68CEE1C5FDB1853D8E197CB61BC41D5C92CFC89C0DFFA6C1CB58DEBAF68C
          SHA-512:E45A25C1418C3B3088AA26E2BCE2F369DEB9A50AAB66E3EDCA5BCA80B64D174C5334A6609A70F97D9C869529A79D2B5EB8587A06D20232D6C77A9DB434C2302C
          Malicious:false
          Reputation:low
          Preview:..=Y.....e.H..%...D..uf&2..rcv6...BL...U.......olP.2..{...y...Y..%...z..x...|..j...w;.~..l..A......kp^.r..?.Y.\Ag..D.........@....6,.{..,.._U...3(.wB.c9%.%..@....2.RV...3_..T..EP...F~......a.G.sZ.A..,../....VeB..:..7....;...7.t..FK...85.._U..(h.k.....Jc.......X"..i.6...,.A\.{.iL..%.#.Q.c~.5'....T...+.`=.j.2...A..>z4L...&\{.|...].TXC.e.Y.w.O.]...@}#.`\....?...:...5..K..g.q.1{.L."......X.....Z.<.>..H..&..Hb.....*8E.)'5.........G)."....u....a.......m..._Ho.!.A].....f[.4..^VD..^...|e.....T6.&O..CN;..e..c.B5h...2z+...^A...#..R.P..|.r....pIs.j..nF..'.8..u..s....FV.?yG.dB8 .GLb.A.....s.Jd....;Oy.y.P...E...sO...T...;hXj...VeD... .=#..\...5G...1>.T-.....kV..v.....v.,.:.u........F...R...dEF..i..c.e..........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.735178081083703
          Encrypted:false
          SSDEEP:
          MD5:27D1F15D248E4F5975980EECC7279B55
          SHA1:566DCDFB3015686DDC6CB3644CF74E721C99B1C6
          SHA-256:85E69F3B8F51703ECF8FB7060EC6DE95F9421E9A7B60336ADD7F13200D84488F
          SHA-512:36D1818D3259D280BBF45A9281BDCCB4A1FB6779FAF9CF973F1BCE71EDCBC3B094191DF5ECE802E7B9F6E743EEA94E7E504B5D525C68FB1A17F8D77EF97140DD
          Malicious:false
          Reputation:low
          Preview:...'...{>R..gZf".7.`Oh.<...k ..m ...C+Kb.3..-......L...7.U|../...7...\..!).8.....$..k.^.B..d...9^;.......#..g.z.......Z....?......wr..mT.^.....5;.N.S..:-...G.r.1.....]Gy...>. ..]./..PX.w...i<..J.X..._....l...A...M.$9*dT...s+......)....N....}.[....t.Q.?.+.w..D..g..........%..M.RU.XI".ua..r.Y.B..n..#..F..b...A...a.p..}{.n..F..k!...M.....@...U?H,..(.h.....,.>.l.&...'....%lq..E.4Z...*..~.&A+.A...l.h...'..i....2...L..F..F...........J.N.^*%Boo....S,...JY.o.L.d..J.]=...QG.. :d@....T...YW.>V!..3..=..}.S....b^....!.....~b.R=.v.-+1E4...1*.......U.D.......7.....8`N...~l.o........a1@..&j.QQ.\.2|"..Asje.r=z.<...X.RR..(i5....2...j.K1...Ym&...S.lH....w..m.......RM..`F_t..... p.:.......j......dO.+........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.740558852695108
          Encrypted:false
          SSDEEP:
          MD5:11356AB838E9F5B385156CAFDFFD2608
          SHA1:E750235F4A91936883C31F08DBCE448CA4F9447C
          SHA-256:47736B36B934BD7C727F6E9FC5E3E62A87594F7F7ABA9F8EF32D189FC02DDD46
          SHA-512:B8C77A28B8A63E4D2D8EA9DE4BBE64E948A3CE53D3C8225419C3E4B5F1DE3945F49D87CF2257206DC0DDD79F14922C4A63E535C447BF367A3E9CB0F74E42A54D
          Malicious:false
          Reputation:low
          Preview:_..V$..N.O.................e9$.........>....[E.K. +...q .=...w..^3...p|...sE..]G'4.03..~j..m.b.k.5..2A..p...X.k/~....e.pU.fH.......I~........r......d.7...X..........@Z..&........k...>(..P..w}<.7J.lDx.u...'.......-p0..L.4!n.%..4.zR..X/....6n....2.@Qh].4..R..=.@...J...TM`.!^3.3.@.8..w...#....X@...y..v...cHa..bb.n..#.aGf..8..I...L...[.\.R-'...k1`+.~.@..*...A.f..9..(5|.....OG..J1..f.av/..V.).....-}.y//.Z...MT.. 4..td.G*....N...TI...R..;5N2r..[C..A...............W.._L3...VO...{?.....C.d...%.......N."...-6Ph.o.s.^.P.....3y...\.3*aB.}G.Z%2...[...xR.....w.B........d).R.b,+...c.II.5Q.u ..].q....8.B.......m..t...C....^..!.tG.o.=s.'$.O..Nk3a&1..G..>.4E..%4I>!5.3...Y...+>..[...@.S.."Ei.O@.............d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):736
          Entropy (8bit):7.669422638701077
          Encrypted:false
          SSDEEP:
          MD5:EEA74E31DA99EC6FAA1097C653B23AA7
          SHA1:9E9BEC5B44B060BCA9E877BA2E3E72EFD92E13CE
          SHA-256:54D50BFCE9CA0FC46B689B8B92CCDC3D87DF58FD34EC5B0FB960A802A456D34A
          SHA-512:99C92C0D232CB33BD0A9939C2086C8A2A0DC22894EE8C8EC1BA37C72DD251E743D4CC61F1D3F1F87C2B23DB2B19E0E41DF02FE72AD649182301CD21B3859ECF1
          Malicious:false
          Reputation:low
          Preview:............M.....~}.H8..Y&A.JZ7....}...TA.....Y....D...]...........<?....'.....lO....%SS.<........G..U..]\.b.nP{....X..Nk..^.!.b.._5..(@...xQU.....l...c.{.7.N..A.~.Cp..g..N..Rug]~...tX.]..C./.....c....`.njD0.Nz...3J/.3"Sz...N...[."...b...6..vYtL.G\...n.z...@V)8."a...>.m]....a.C..i....$.b..j.{....['.Cz.;.......8..u.....{.=.>Y......N!..@..-...Ah#.OxX....R5.}..$.Xa.g...m.._....3...e]....R*.\..u...4...R.x..C..qr:.O.}J..l$e....g..S.{.".+..s......!T.#J..bI...0].b...=".m.D......DH..[hR.H. ..%X...0..e~....%y'P^i...ix..isN.B....[........N...m.0+=6..Fq.,..u(....:...By..g.]Lu#P.K|..i.......ru.&.]....{y.O.5.U.}.A.N...K......1.......[.s/hE.;..;.7..l.....M.5$zZ....;^.c...h..o`..3............d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):720
          Entropy (8bit):7.761167540121081
          Encrypted:false
          SSDEEP:
          MD5:E39F76416E15BAA036306673B7BE686A
          SHA1:0CEF19037E94258F63E2B450FD97A3E268545861
          SHA-256:AB1767D19446DC5A93A4E10C033EFC56095F3F3F7CB3AE41EC622AA41661042D
          SHA-512:1D3CC35CC90CDE2565F8653B50D252F4B3ECD4A69103946974F5817DB5B69181300A3A607F6928BA7A1B7457661CE3ED79D2A9DA90EBB2D868E032B1723F5260
          Malicious:false
          Reputation:low
          Preview:...RG.E.......L.S.{J...3..NO.6..N!.I...I...F....-P.........&..y2;.........`....f...;..~._...`..T%.)......1.D...2..........i..5.o..]k....w#........'..(.z.....i..........~1..6.R!............*..,..&..q.............l5.~........\a)...O"...)...a..iBh..rv.'..d..29..j'.g....g81.d.>w........,.l...R..g...D.o.D)..J.o.x...4.._......a...k.ij..uQ..xb..U.d...m.......&....c.v.+..ct9%.3.rC.@.&.e!.G .@I!.;.].~..K.iC..5.k.9....}{{...I.d.H.M.7.-.L..Y.v..v.|....i.l..g_..~...X.)...?....n...h......x.Y.p..$h..|*R...J...\.@..Z.tA\.$...-..U..<.....'?tp.4...".m.Nt@3.SuZ..r`..H.B%.l>2..|.ljp8MJ0.Z..6ql..|..T..J.w.L.......s@_...L..]`...w..u8 .....)......Z<..................k#......[..~[.........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.719414596721306
          Encrypted:false
          SSDEEP:
          MD5:FA4C8B5860BC2DEA9FE4E78501379C28
          SHA1:C0F7004A2C481B07EC297D0B193FA2B016A71904
          SHA-256:13A4DBB1CF9CA8CF8EB6741D4D1ADAC04D60B32DB0F7C90B9907879A4C513627
          SHA-512:2E82F84F7B4BD381DE1D367AE132209F5A9E238DA3636ED97DD3060470810DAB84F080D8F8B6A15FD8495D728198C06BD5D99DB1741FD6D82378332FF048EC12
          Malicious:false
          Reputation:low
          Preview:..nlvh....hz.[W..,P..?pKd...N_w..g.......a.!....3.F>x.....&.E....P.Ka........t*2./b..I.........M]...f..].D._...sI.R..Z....:M..p.[$.......=..*..w.=.B.g....-z..X..a._g....[.TV~WD/V*.[.(Rq..f.+.\09d..w../..8t'nb....._iW.9F..<..(.Zyc.A.U.......[i$.~.Rg...0........{k.]..9.S...m.XW{....t...G....Z.....mR...(....Av8.....y`...<S0.DE!.e.....b}&=3V..S...<.~.I.Xf..-...Y...QE*..\....{ph...<..j...*..R.rHX.U..dz..nZ=....n..mEt.....".BM.....f.%.......n.R.......-.Fq?.<...J.[.5...n.<\.t.cV.......e...1:x...UFU...-..Y3. ...$../...{3....[....<|5( *....&.=.......T......[....\D...I.r......(..l5...._La.i.".Vh.)..........g....\.q=K..F8...9..I,.F26a...K.R...Y.....Q+..j.A...t.NA.).W.<{)........,.)....3.........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.683171556114102
          Encrypted:false
          SSDEEP:
          MD5:901CACC9FFB1A8C311FADF443D325B58
          SHA1:60D2C28B17BC13CA127AA65D2C57B74F4D140AFB
          SHA-256:1B3CA10EC26EC4BCBD8A1168BE0AD332657471D4BF6AC57DDD1BA482D5B53224
          SHA-512:0F0CEFEA6AE2A45673895EF9DD0E26DA4D7C4B28EDDE43569E5C37F6C3D670E8C79377D6CEED6C83C0A87DC6397FF03F9400DB547B339BF4FF8840FBFDB11298
          Malicious:false
          Reputation:low
          Preview:f...`..........?U.....W..H.>.!....wX\H.SMnR.T..4^._...f..Pi...].i w.(.Zu........7.o.kn...]Y.\...z.D..f.....UK...,*..=....{_..`...Rm.u{..b....+.>.>b.L...@..F...?...hK,.d].)VJ.2..j.Q...1.92V~.'....t....05....../.!.@...2A...c.:W....>.H@.A.....,.J...C[*.V8...N==.,m..9........{....oVn.(+...m.t...H....}....n..x/dN...E=.....4...'",vU.b..b`].{.....%i.n..AV..~.. 6........D.w..,.\....[;..bx.........."u.7..J.....B\......l....Z?'..........iN6.Q5.NO".%0..VG....-..bj....u.....XDiR......o.S.KC........['...[.Z8.....;....u@B..a._....6..!I...Lel.i...u.E..Sk....FT................o.~&A+y.f.*.....;6m4.4...(.-p.6E?.-....K_6...S.`......:_9..~<...&..Z.e..l.ih...qxK.....]\}..F...g...1.O.OiA.....^3(&#.D.B...}........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):736
          Entropy (8bit):7.74125634613396
          Encrypted:false
          SSDEEP:
          MD5:80BC06C9547F6A0B7B5991AEE759D1B5
          SHA1:9A8067DDA54AC626D2E864251D981B974B65095C
          SHA-256:5697A38A5A6D0F48345C6BF3B12508C6A79A6EE75D1DA0A1FD30DE964B2D09AD
          SHA-512:C6CC23612AEC80703DC90ACCB90B66BCD1732F913C3E6F55CA7CEE3A8C609B83FEB9017D6F4FC300E53515625E3CE44F4828CB5962B2B311F41142BAA9B8A9FF
          Malicious:false
          Reputation:low
          Preview:+.Uv..Y.....3...k.c...D.....kw...k2.....zxvw.}|.....2..._..i".r-.s........j.hE....o>#.o%..);.[......7A.....E.(.(51Q.9....H].C...D..aB.?.u..6az.N....H.. .`..g..Q.. ...8..Y.Lb....-...s?.G.Q..I...L9...@V..:.1.8....h.y.yp!...\,3.;....i.s..Z....5.FC...IyG{.$.3..!(JR.Ui.*..t.>E.w.68...<..s.k.k.....Q..Kr...n....&S...gX.<....L..N.D..f,...d6)y....H*i./D~...'..n....;)f.P4q.N.....2..p..]3U..q...1...X.yO.#.p.;'..9.O.n..W....5.LW..R.F.0Y..p.`.o...'...$..SpA4ry...[.......,.X[..M.....D~..c$...D=-.io.M.....a9..J..g.....(....<....\z...0.....V.......i`.......e`.*%9.........n.i./45(..y;......[F.."....Z....f.}.2=j..3p...K..7|..w..{.."J.O].C8...{y...MQ.h}~@#.....1%.A?..O...+%n..J....&.!...................d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\e0924daf8f4398dc_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:OpenPGP Public Key
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.723209379678584
          Encrypted:false
          SSDEEP:
          MD5:CF6B9500E98930CFCDBEE1F6809BD479
          SHA1:470EBECC83B49B5D05714FE38F3621BFBC5F7175
          SHA-256:44A486A43567EE49C6C190990F94A27307C972BECE91012AF73BFB672FDEF3D8
          SHA-512:6CF80D07A307BBEDA613ACA43B757108C74B973FB1DA3CD83AB20AAF6AFBA4DAFB8F21F0BE4CFDACD5298FF0740D7E4D5B0C60C5DF980AAEE4ABE7531923279E
          Malicious:false
          Reputation:low
          Preview:."..+.O.H..-..(.....C.WaA;C=EYC......S.oZ(1.6.o.aHV..{\...;T...}.P.xy.4..o....ncl.:...6;...`A.|<J..(L.7.@.[....J....|h..].1...K,@5..m......a.@..@...].".{..$E.k....V...j2.<..!!}.^...;.....>.N..c.7.I..`.......iE4.Z.v_}a...............U..p..Xw.7..c\....LJ.....%s@.6@..qP...M.....\t...w.c.:.;.n.l.g..:0.n.......+? .....$M....o... ...Y.....zH..S......Rk..T..7r.ZU....-..;.Q.1G1%.x..#.V..q..N.5........zV.....d.v.3....RC...H.\.[..D..n.37..7...|...\...q98..2.WW..?n[....z.:.<.CH..`:.)..M.Q...YF.C.~..\.U.....Ia6...;.J..Xq.}.....M....y..L=..7s..(^...m....EA....[mSbh..R....|.........i%..:...,..../....E..sN..*...E...[%.. ..w.p.LH...Z..+....B....&^..+.1,....T..R4!..H...~.B........yZ...&.."...1.cP9.v...........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\e58e492b0f04240a_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.729997272019307
          Encrypted:false
          SSDEEP:
          MD5:054CB2BC5471AA04AB17B4C988FE717F
          SHA1:8FB08696843C4C11802D1B97BE6A14F65B45128D
          SHA-256:730583B8ED9E3CE0310772824FDC9591FFD5F44FF1AF1C93E48EF2D87DF29193
          SHA-512:286CC94EB9EDC87E26DA5F1BBD1B07057A557B1501D2D4988284F1C477E9093DA68BA7EBAFCA5BCD24E17113DED5D84CF5595861A4793E9EC3A4BC4A92D51230
          Malicious:false
          Reputation:low
          Preview:...[M{....A..]..c]./..-......@)..rF...`.$.I.D..*....b..P?.0 2..].U...".Y....i.#DZ.....R..y.....N."{....X.g;N..4&.j.N...B\:a{y..p.rV4}...m...B.X.:S.U....#....M...2.}.oWS.t8...g-...D.U...........P1..j...~......*.Sa..5.@.[........ly.fq07"..u..i..4(.........3FN.l...,..........@.W..2...)...3b..&......9.g.-...w.3.....J.t..[...$v.......H)J.UQ........?..*3]."d....X!vQh.....].....q.UVB....^.^I...+y.nU...1..1.U..[........#`..F./,...;.7.f.;.......'"...2..#..J.nj.7....MO'@..T..P}]b.&.h.&..m...Z.9.....4DZ.Dx......m...DY.......Z=......8.^Lm......w.B&E..6.O..Y"^...-.y..LS:.9.}..L:..8...'...w..w..K.f..3%EE.5.......5....8{0.7o..Y...C.Y,.Z..Jo>..O...N...o.q...1...%k.....Z..._.....-Uwl#.._.%.z.........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):736
          Entropy (8bit):7.698866989442995
          Encrypted:false
          SSDEEP:
          MD5:CE69DE3E85FD53D2E4812AAE5F2D4B72
          SHA1:6E351EFBEFAA17A26F310ED714EFC49877F39774
          SHA-256:CE0C5A4D42F8FA8753B4686F485DE5E1FE2E492EE4EC072B82EB7B899F1C1687
          SHA-512:D8FD0DEAF29ABD9CE1BFC258519D2DEF9247715C22424E9778B7F107838B7B52A74946804F3C60B419DED541377752E16D10C01BAA116A14139F8F550682E121
          Malicious:false
          Reputation:low
          Preview:F..S....Ds...|.E....*.:D.m{.2...7...*...m.s..5;..5..=..H..S..)q..b..,........I.c........R..........,d.le...%q].QK.JOD.K{m..<u.x..rh.....i...H&=./.C.j...K.B..\.e..Mxi../.8.Nf..*~...v.4.y.L.A5..0+E..t.y.......ZO.........U...s...O K$.~r...g...F4g5?..3..q.........^.z...Y...GJL ...tI2....(.|....!3..=.X..XI78v.....U..U!..m.....&.Z..reL.d.cZ..n.....6....m..2...k`...I....Z.l W...0U.(....4a..."..A.)..u....`..(i.8.....Xb.[..N.L'........6.O....o...H0.f/.CA.=.g<C.OF.y.<.S...n.l..h.C.....M.B..]..=G.f.U..Y..X.."2:.....6....d..0.4.........o.`........9J..%[k.".r.}G....J.0..f.J..[cTZ.!....M.4...>...........yd~......y8\. m_....f.E8..~.:.C...o.......*....g^d.<.`.p...`...W...B...n.D..#....Q.m...&.........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.694273305509839
          Encrypted:false
          SSDEEP:
          MD5:FD4424EF1C3286776A49D11620F9A64E
          SHA1:C42F37D4A984358DEBA5DEB64E72C104F7DD74FC
          SHA-256:31963DAF733138917424AECBF0545EBDD8A491EA6BC6195A57A5E06DA346F82F
          SHA-512:7A9BA0CA26B14FCC00D5F239209C79ACAD14449572DC78E0E6309291B295519AC5CD35F8B4AD866E130EC6899E29F7E8CB1A1DFE034676CB810EF19E2174F9FF
          Malicious:false
          Reputation:low
          Preview:.TK...vS.......V.n..n_......2..."......V.....H.yN.EsP.u..).Y.*.j...t.`.`...er>...5...3(G.xl...i'.[..?)...v..W.SD@ ....O......-...^x(@.h}.x/...^...;.v...H ..c....w...?..g.....v.;6A...<..3.....^$.c....r..N...65.H.O.OV{...........".F..Df;.8t..Q....]K2...[L....d..o.... .......(.....8%.+...z.bZ..#`....d..d9(.......y|u.=..HQ...v.m..[p...:.x...tE.....4)F../.;..0...q.Gx.\d....tc4.rP.PHX6........n..H..3..._...b..:..).S='._..(..Z..S....U..*.E..V.n..U4Q....D...]...'.4.3.7n.Q....vXr?.f.....q...........4.dM}r_...c.i4..%...W. .5{.S.Lg...:l].o..Q..L:...gx....e.....+C..Fb....N........,.b#y"v.d..U..4.eJ ...77>j.4.c.+...u9..\[..Kz.r$TD=9...9..5....y9.Ez.".....NZ..|.Sk...f...)7./".p...H_....9U...p.......%>.........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.712796719988341
          Encrypted:false
          SSDEEP:
          MD5:DE17050DEC4579CA85CEA89289C1AE69
          SHA1:EEA0F12E7860F78C9050CDD7148C35D74BF785AD
          SHA-256:09B1F914ABC8D03EFB0E78ED904595D11A31DC54386A67F478C2CDA13B8DC040
          SHA-512:D3857DF4266598B2B8AEDD875A46CC51D01C90D7957A4600AB6B03121B8D2DCD0249AE4040FF09404469F17E0B24A09BF540A1D11294837C942D374AAF86921B
          Malicious:false
          Reputation:low
          Preview:.1.$..PTZ....0F.|...L.?.q.I.?L...;..&...r.w.}.%..<o.}M.#e..p.}+...H...=i...-n.[=..j.^p]..|.2*.jN..~...T..f"....!P..@.K..g....7...2z.....>v....2-..w.......i.....].-...,N.:.c.t..B.........w..O.2..p.&....y....8...j...L......KQ.`i..k....P...So.[...B....Q.C..........X.j.{3.l..n..<...Z-..'.%..Z...."..^'7..P.]n.'{...../~.J@...*.R.w{.G...y.!....B.G-......z....K...Z_5..q.Y..4.~s.'.qB......^b...M..py..^o....B..%.<..D>..b.qk...rj4..l.(.............A.0......v....(".r.$Om.:..R1.^........QR...A.x..1....Im.]W+[.%a^....a...._.{.....,...0.J../.$`.....gX.{.....P."...._.>^..".....T.H...|+w#..k.v}..J.I....@.]..,pIm..1...!hi.&W..5Z....<.fy...h........|.G.o.HN.@2.5.-... .....6....D%...7.w..k...&....G.............#|..........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):736
          Entropy (8bit):7.684774387791075
          Encrypted:false
          SSDEEP:
          MD5:80688C3FBC958DE47C2E9FDCC05778A1
          SHA1:1BD39F6ECBA5633559142713444BBB4743C90F90
          SHA-256:74EA22785807A669CAE37C0005E5FEF41A6CCD3415FCCADD5E2AE2A82A5729DE
          SHA-512:942CAFF8BB8303054516CD756376102E4D120FCA3AA65269AF54BDC7E5D1CB2531AA3DBD86C72F6437C19AA6DFE9D0C8424FC6CF41A2A0C476B93EE281EE7F4F
          Malicious:false
          Reputation:low
          Preview:=......C....kb.#J.._..S...;... ..'..\.|.v...S.vB.......".s..B....).......d....Z...yn....n...B...;'.P....w.o...v..d[.T.Q.Fn.g.8..g.).L..'.~i.D....(....d....Qg.{.wW..w..I+..P..m...;..@......X..-A..>....B..%...p($...Xf....:e.aS...z.........2c._*.T.sk.WA.>.W..]M.I..SR.\.5.."_O.;...N..f........d......F.y6.x..&.e.jn@.\.e...E...p........d.....K<.H..{.....g.#/.k.Z..A...d|...F..aP..A..L...Itcj.'e...gi..P.s..L.I...(.......&{.,...V;pO[...`L.o.y.$.kK.i^...*...#.b..K...H......&?..r\.K.-......$.h.s.r....z.....v8...@.@w..2....e.M.F...\.+....s|......V..c.0.M.C... ..$.....M..z...:.&...B....l..3m....+.R}...D2..":.W;..q.4.*..X.@..&*.3....l.d.....B@E....".mkE..+..}fHS.Q..KbE3..*.2.s..w_.........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):768
          Entropy (8bit):7.757392315413113
          Encrypted:false
          SSDEEP:
          MD5:CAF56321067CE16ADEBFD3790A2607D0
          SHA1:E40BB6C512206CA0F2F441E5BDCF03358FB9FA8E
          SHA-256:90570DC02EC2AB26BC5372ABF2668E695EA5EA2C78CC9C6A43FF03B6ACA1E0A2
          SHA-512:82730211F61441A07ACA25DD36E45CAEAE0C541586FA9023BD388A1690885A34BDAEAC3C446E956A4603B43FF72B1DDA825DE99772F5C8BC86C2CC908115142E
          Malicious:false
          Reputation:low
          Preview:N.l./.x..|._...PA.Pp$.7..Ap,...t...v.......c<...jT.&.*.xf.....eJi...~.M..'..K.6>..9.>l...S.\.Rp.BjV.b..h..`z...o.l(.W....7p!........5..{...j........+2$r..s..D..%?y.....\OU...%hJ....P...t...K..t.z..9k.|^.Vd../._'?.{...R.`.(.Y...A....>.~.Mja..N}..S..E*rC+.[~_t.c... W.'.0..X."({..M.|0.|.U.\..xP*..?..',.``N.a%....fz....Q....`....y.7s....HO.b.c..y....#.Aj6...f......#.I......+.... .......|Z)#1..rg.Q..././.......nLJ_..H...F....|..<V...X.N..p...Y>.m..........K....S.......$..@)6C..@.j..H...}.F.d^*....M.+)&..F.,..}...........v...~...3..M....|.$..L.N._....Q...|.C...7GL.........YI&-.W..,.*l..Vi..."E....r.X....\u{3*e.8.....T..../..-..Z.U\./.:..`.].....1i.G...G..v.][....O....\.0m..Y......4.......FA....4 ..\......5.n.........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1488
          Entropy (8bit):7.853644014063698
          Encrypted:false
          SSDEEP:
          MD5:919CA5840FB88496BF90D434F0CE69C4
          SHA1:F2D97DBD3BACD8D2DBE750E49CA8FD088402DC35
          SHA-256:2329DCFF0A78F7927D29100844353DFCC680859BC9EB4512B577037CF27581B6
          SHA-512:847C69456335A586CE470A661B01A6CDED6A88E08D3FCCB6C54C83BFDE59C7FB5AEBB6F9D6B885D3CEA1628720BFEE10AF7582F324E07FC50D95F78539570D3D
          Malicious:false
          Reputation:low
          Preview:T.........6hG.......*LN.P.......4.].`Y..9I..z..[O..l...[...Q..c.'....{'...1..T;.{..,4d...r...V9.Aue;T!MG%.(......0Hu.#N.P.b.{....LBQf...Y.....$R.g.D.Lm3.T.M.n..p#8<J...^....E......K4..#....-..*.I..1......N....>.R...k.4.e.y.]..uX\...Q.QK..N......A..9+J)....,r....q.=k....*.F..y.,..B".}.....tH.....|...a...P..BO.d.v..W...+..n....z76r.....&d.PX..>.I..8q.k....7.k....%.../....A@...r....A.f..(..u...EmZ..y..#=..Y..~....h..&aI ..'.....X.m6.....c..N.>.l..J..).u.R.......[..4..3......\.._6.}.S.......q4....|...{..&g..RY..Yd+...A.\..4u...o.\;&.d.c`...2IZ.....s.....m........+..m.t..f.....;g..G5..|m.j/.......`.j.^6o..81.Y_...}.(7.....K..n...$W.S..Y.C.O.,.K.....Hx1..F..F5j.#......Z.l.~.....E.M.a...A...p.f..e.N....WE..f.E...I..W....F....&.6.:.A...j~.z0...S.D..{..j.P...8E8...."GG...f0.....$..B..l......H%...i...2..$..}....-.6..5,..........{d...t.._...[.b.J...,zn 7..~.'.CF....[t../Y.H....... ......Z...~.1Mqe..o;...c+.r9BBE.u...K.Il....>.....n.....b.z. ....G..q

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):560
          Entropy (8bit):7.611139463858934
          Encrypted:false
          SSDEEP:
          MD5:8B1D097E89E24EDFE833A5C676C3D9A8
          SHA1:C76268B2681D93A2EE5B69B37220C63A1755F048
          SHA-256:5B034930A1E197F774B670C9512C6E7F8A1E8BD3AB11BA6D0B20173C9A13F21B
          SHA-512:B5B271BD779154376A91287BCC3BB14F33403F23E662E5A7F64E3DD38CF70694C00976016E2C1822ACA44C1494270741A3D6CBE27C5C9D377676D73B0121AEAC
          Malicious:false
          Reputation:low
          Preview:Yb..P...2f>.........->.}.G.2l).*.l^s)...|.......?.....[.....k.;6/......|.E.4i...F.T..d.A.H...y.s*...4MWZ..L..d..."......R.+Y..\.?.t...I....N..oh..E.Q.L.i.Z....t...&P..G..y..&.._...i....pwLD...o.-..R...W.Ma...-&t...Ze..[C..w.y.>.....#..qqK.h...o._...w.:}:"..k.....#.m3.tqD(...;....3.5.R.f..`...*....~=.uf~F..x.?...T..........b[....u+L.[O.8C.....d......N.at..\V#<....{$..|.z...d..J..,..T..A#.Q.X.F..=.|..8....pRv......%..-EJ..I..=._;C...4t....za..Z...GC..6.Q.b-&?.y8+vd...,ZS...s.........3..q.}]..O.Cr..a.5.J.GP!,..........d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):656
          Entropy (8bit):7.682016112684489
          Encrypted:false
          SSDEEP:
          MD5:2178F8351CF2BE93FE1B820E70370651
          SHA1:D70EF780F103628FE926104F45AE6CD000CD488F
          SHA-256:6BF849A0D4CEC15AA8DB92EB153B27AFE65276892A7A6F5FD6863966BAC97C0A
          SHA-512:5E4E78A6BC1B958F8189580652CB7194973692F16B75C41238E83DD10A22FD199A9187750B50A9F3CF556CB1820508D4A0405C393CEF7C2B0BC6CA4C69C05249
          Malicious:false
          Reputation:low
          Preview:k.=..t.v..Q...1....R....<.z...r..2qK.Q...Y..Z.&.B.~.Q.!......~,.We....mV..)i...x..y..,.5.....'.u3..C...wD..-.Lf.#...c#...<.../TR.....1...f`..W.tH...!0.F4x.....t... [.k.2e....W.Tm.......^(.. ...a...c..I%........!.^n..+[.%......e4&...8...G{..A..#..=..(.."..V.Z.@G..7;e.....$f.....D]`.QK.*..LV.7....R..;K.....w.^....M7.......`..gHmT.n.w.+.+m..=..*......... F.....r... .<-zT4.Y}C>......GR..mQq.-{.T..Q.#.=...a...Z...L.pU.a$.....o`....YvB.9........>.......C.......,.O.Cm.{.....u.+..o(....v...Z_.z.vOp..E.,....s?i..[...G...nz........=....F.<Q.dJ...y.'B$....$...1....@1B......U.U.y=[.....I....|....S......~.......d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):832
          Entropy (8bit):7.7317882819608625
          Encrypted:false
          SSDEEP:
          MD5:F0C171CDC45199A1A4DE7B3D0F11F614
          SHA1:21E6FCEE49833A321A52133FACA381A3866ADDA5
          SHA-256:6B7F78E56F99CC3F173E454CB89BF57ACC3415913B76A5E07A536911D872869A
          SHA-512:530F7EE353E1079FB84B797A3712C6CD80B0612E54C5384537FECC34FCE786715F818F68F54468B52AA98F2DA6F2E4A5F39EA902CDBD11F8A39E2003B208BD71
          Malicious:false
          Reputation:low
          Preview:o....B:....:.i..B..#......1.J.;s+.l...'....D.X.^b.o.9?........A.>...+../L;B.....R.,.:.o...NO.4.[.......`.. .*..{`...9ESr..8.T..G.jG.....s........>t.d4 ._.&..R......O......a.m...?.%&.]..uL.@hYc...`..QGW`.UZ.2.8...sh..tC.;...R.T......i...A........K.H>.....\M.a.BY..~G..9..i......d`{Xwc..;~e...+..KE.Z.n..A.......?ML.J.Q...d.q.M....^..En...pd........u]&.......A.....{...w....G...t9.........r..cUl2O.`.tk..`}v$.....J.5...%..nT_........z?."....W.0............R.~gsy....J.R..j.\........V.01..n.v` }n~.e... :.....HZ..f...~..0.....<.b.7.f..6.$Q.]....liR.2g.....E.....r.0......{..%.2...t...Gn...hi.].6..{..dT.h...;......[..}..'b.k...../."G..q......8?.p.!.....*..o..6.TOv.^..<.z:.9.e...*|..b"....?F...I...M!.......x5......f3o.....;).....u|.t.~.......d..}..24...s=.;...:......y8.....%.......d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\MANIFEST-000001.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):576
          Entropy (8bit):7.639935777870933
          Encrypted:false
          SSDEEP:
          MD5:B0BB2FEDBF55AB299AC3CD19E4615F9A
          SHA1:4167A21E5ECC48CA292A2ADF17554366182346DF
          SHA-256:A936F5C24DE9D76DA0E89029E852243F7776CFC7E7932F3054422BBE94876A84
          SHA-512:E5C774B8DAC5B4858051966B39B13746C7B251CE2DB0869BE2330E76E899AA56ADC8172E1058639531785551BD7F3E11C516060470E9FD5BB5DED483753BABC5
          Malicious:false
          Reputation:low
          Preview:2.+....%fY...H..s....B|C..n.6'..F+P.......|zS...yZp.../..B..m!.....=bn.$...@,th........z.+..+..usH.....@g.)1.d.........\..2yPR....E6:..|..3.a3..C.@....m..c0`..y.J..T..B.[..i.3.Y.`\...d...(.....G...C.........@.>.4...P.0Z.qBa...W.uG...<O-..$M.C..R...... .u....V.g. =)J..........\./+......P.%:......T...e.-.!:.. .i...i..gm....3A....k.D......1...,;....h.s.....'......4p. 1.]....j.FB..6.........b0.......%...e..t9.A.WG......../<...Io.b.,.G+l.M2WEm}......0v....<.".%.X&s...mf.H.Eq_....4.p.!..=...,8...q.7..c5'...]._7.W......X...{.Tb&..).......d.......

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):131600
          Entropy (8bit):7.998689419148905
          Encrypted:true
          SSDEEP:
          MD5:7645F3A2E073C00265AB879C687B8921
          SHA1:E18B14B3FF849A70E31EBC43EE1A9137ABF4C5C4
          SHA-256:60D9130CD1DAE8A4F05D22AF52B87D49095E19E93D15DC0F96EBF687ECEE82E9
          SHA-512:A2EEF6F73747BA8D7DDB5F63B3E34A609188B035E551ED424D5F68664558FDBD94868528CE30819E427E1092F0490C32A0D5EC265AE44BE97EA7A5BAC5865EFF
          Malicious:false
          Reputation:low
          Preview:.....jV).|..)n...il..........|....*Z..AV1.L.T.g#&L...".n.V...V..m.X...w/....P.E.=......}....1...{W...4<[.....2.R..e..dy..r.'....B.d......^.5~n..>.'...E.a..~'..\7~C.xv.L.bRG...J.r.T..m.}H...TV........1...'~.....1:;...sY9.?....]B.#........8{.z06....Vf..$2..=sQ.|...r5.K0.P.U.Gn.2;....h...v...].......>N....C..*...#.\.5...v.;.}..Z._......}.u..!.,.N}iY.Yp5...2(.....`d.r:.....u..\.55.1V.x<......U.z.. ..BO.......J..~.V.p.Jc..?&....v..Kb....h#.e.'?.A.!.....".B...-..b.....e..r......wUE."..`....?.$G@8<,._.Z.R!T!,..!M.d..!lkj....6.(.=. {z...(X...]..*G...}..E...%'.l].,.-".SZ.,..{...O............].Vv.L.J.'..)..+..H.i..K./._..^...f..C%....B.Q. ..YN....Na.XiA....=....P...+...L.....'`.cf [w({....Su.^:..........J.'.......N/...x..qT4.,0T|.J{O.....]..Lg.....!.xBU.3..K.y..Z]. }.j......u6.w.......2w8.......^a^n<....^..|)`.6........pt.*T...,G.:......).....h.B.u<......).H.<.......}.5..t.Q..(...IX9.....,....d%l..t..c....zUoo..jM.h[<.p.Y.R.`..Iu.<.rs;.}....

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):21008
          Entropy (8bit):7.98981933859493
          Encrypted:false
          SSDEEP:
          MD5:A94867AA5F3B7A2EF47BF11A9EF7D71A
          SHA1:391E5E91E90D088F0C60DF077A826C648F49A9B8
          SHA-256:7154C2CF66B3AC897F10AB221A39B9587478A53F0B4F4312DE9A250A83BC8A9F
          SHA-512:EC50E7A436F7F0592E914925EAA7B2579830B889143C3E9DBCFF83904B55ED592907F8D09872FF9A3B30E739B12906C2828E32953D47BBB446ABD6828E7D2015
          Malicious:false
          Reputation:low
          Preview:....?`..Y]..Dt....q.......>..V...N....XBO>..Q...R?..~Z.Bx......L.+.]....io.9Y;..Hd>!.....=s....K.>..:./ZG....m.u.......Q.$.(y./.@.+.@.;......a.t..q..j'.!p....*ww#........R# bj.#..z.d&...O.......b].].C..x.....X..eW...0{.W.s..?9...L.C..*....m...`..7...p.4....=.`j..H.....m.MJ....Y....c.Z..6.Q......~0.N...W.....`.Q..5.=...;=r.D...a|.T.m.p,....K.Y...L..(....2. ...;W.-..$....k...]`....dB,...d,:Y..+Nk.V..9`.q.S.....I}....4...#Z...>%.)...qb....}.....c.GV.i0.ZI.y..G...-.E(DJZ.....A4t.Hx..Q\t.V...........ce.p..s......_..O.. -.....[D....~...(.W.?C....ra.[..R.).b.t....U. T]..M.n13Y..$..|!i.Xj....j.M$....(o........+.q.8..8g..|0.)V..|..`.5k.Aqv....n..D..4O.LB.%.5L6c.........Q(.dGC4......I|S..s.'....A......)4,...wU........}..="l..P..(.."..Zw.K.x"..o.J..d...+.8%"[.....l...x%.CP....@._-.Xq...n............]b...}!..uW.Q...w...[...:^v..S..!p.-.H....,..S.................CG.2$..%..~..]....?..td..@s.....].............W.HM ..E+n#.'..'(Rp....A...g....1._jOL...|...

          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:OpenPGP Public Key
          Category:dropped
          Size (bytes):66064
          Entropy (8bit):7.99761496970709
          Encrypted:true
          SSDEEP:
          MD5:82310489FC437A6899802D593C8A21B2
          SHA1:A7CF253FC503D3874204380DE6D32F1C96BF63E9
          SHA-256:573CA82CF40650B66029F0D55F460C9C8FEBCBFB1850175ADD3822F047780140
          SHA-512:68C0ADA74F5FE9FDE4674A7FD2B0B24944162D43481B71BB81D2EE1F4C7B2DF59E0DE8C43EC9879617AFFB92874BCD4B5BBF8AD9BC5AA0E4DFA26EDD5AEA1CE3
          Malicious:true
          Reputation:low
          Preview:.I.1..r[...I .*.8.(..E..3|8......#%..1.z\....T./kg^B-..... dBKJ.7..L....$._9.z....>.40hG........u.`...P..d.....jU.,K87a...O...EO.(.C0.n.u{d................?...5..W.Lf.x.W..x..`....a;.S....`.j.M.%.<.'........1h5..pM....SN.}.E.&...Ik =.~.......D..Z.;.w.B.plv1*....A.#.S....we1..p...(..([...?...+~.OZ...'......&2[.F>....../^..{s..t.......(.W.i...........,..Z...o.>...-V.s..`(..\....l..~..oT.....c...+U.fN.z.h=......E...5>LJ.}....2.z.,G....8.}..1..p.'..I ;m.Fz.TY.U+.2xOu........Y(.W~....{ufu........d.>..e.l..w....'..?...B.8.k.....R/G..*...0P<..Ch.D.2K;4%.h....{.4?...(.d.8..<.J........h1.UN..}...9X..k.2&.V...1......f_b.F..V....._.`U.W....]........h.iT(Jpd......,.U_^..S:p.x....P...2....s.....}EM60...d...`...6 ..w....+d..Y...O...7ij....~...|yU:....=.1._O6O...4.....@...!.+..g&..R..(.!..d.R99.t....we..l.......?O...3...$Ai.A..].e......?.9G....(...,.#........*P...@~....=...A;TF....n..K.i...G..Dks....,.M-.D31v...-.9.L...7sJ..Skd.1."...m..o..|.M`.69#....

          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\notificationsDB.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):25104
          Entropy (8bit):7.993731980874983
          Encrypted:true
          SSDEEP:
          MD5:905CE6E35B6BF133B90DBB89BF33B447
          SHA1:74F95323C32D38BF5FFB6DD516F50C49D4D06DBF
          SHA-256:5811899C0A7227E332FA5F8E8518DFC0033482A6CF171A17D0D64C4CDC8745BF
          SHA-512:B5A2EF90814E887E450C7176B8C1063858CCF3D5B231A7E3FF888F8825BABDE9920689BF5E1153BC27D03F076EFD4B7DAEA59C34B8C4A65D7522BFB2DB7E8B22
          Malicious:true
          Reputation:low
          Preview:.=`|P...r..0..U..K.T.K.r~.OUY.....,.7.B..H( ..7.y.......a.uJ.......*..h.(..iW...B.6r.l..*..#.q.R....#...0$E.I...i.RS3..$../...+.N5e~..r^g..eB.(..8..J.....&)9.C.=...[...er....h>.../.@.<...8...?...v..R...\....)..u./..g.V*).....?M..ELe.......J.....7o... H...D~(...\.[.<n.Y..^.^O..'u"..U.{.nT...)a.,t...l...................P...pAT.Wh.%...$..ww[....V...I..VM......~..`.[.1...$j.*.'..H.]c.....f.*^.07.....j5...5.....`.J.........i.L.y..J...L.-k...K.?6....+U......?..,..#..1.R.....Ao.;X../...-..........U...O......h....n....+..D.7.%....F..S....P.}...C.I...-._.....;.(...v.....c..E...C.:.g../.z...I.'.....}...RR...q....9|S...K.n.):......aS........M..Q\.#s...>F;.;..8.c64..^..6.uo.~L.T,.d.h..!.K}..#.R..}.%.q<..WM._.e"...[....(&..$..6v..)d.ec...p.%.............+....4`..[..M....F.(F.mJ3'..l.F..Z.N........X..fk._3...../..>..=.LQ.F4....Ui#~............Z..4q..H..V.........j..i...n.SL.S...:GE.CR....J.a.1<....%..gu../.../I..?(.D.Y..R.}.........O...._kP..B.H.?..G.j.

          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):5360
          Entropy (8bit):7.961900981317264
          Encrypted:false
          SSDEEP:
          MD5:548C06B46C4CB19282873B065F9B2201
          SHA1:64A3435AE2B4ADF23B8237D04E532373409FA2C2
          SHA-256:7728D81DCE6725AC9C5D657A27F5CFB5FE94A823A19F27813012C6FAA3C3231F
          SHA-512:EC18B8246836428812CE1DEFBE6908CA65617FA2BC777A13F889CE6BE0490A96E93E68E3938126FA43F2F22A894FE16639FDD95DCFBDF8E587585A7AFC9C6C0F
          Malicious:false
          Reputation:low
          Preview:y.J.MhN.3..X...#1#..>.. O....Uwf.>C....1....J..z...q.r.N...~.....A....B-._Vy.EF.K.q7.Wi.S#.N./.V.!.....S......k.t...a...5..M..3=N..`....i.|..i.2..*....}.5W..........y.$Z.f..GJ.......W......A...;V...o....t.nb.4.....sOg.k..y..\.4G..9....>.."e(.......SD.s.b.8.??..C>...B....L.....%.cx..X.)....pU.........i#.....g.)up....4....p...UT..d<......9a..!.v.hb_..6L.6..G.....;5.'X}.....~....2r.K..O.`c./.ya.Ck.X.)x../......:.D...V.e..r.D.(.\Xjs..."........:.Y)..-...B..E.4.e.a..b.y..u0....h..~.U..Y....D."....x.....6..D.'.4...p#.{C./..`.:..l;3h.j..1..7.K...H:y...7..Xd.;...&LJ.4hC...s...T.....8.G;...)t.<B...N.......?...._...%.]<....[...IqT49..Z'f....E~ ..v..}.`.......v.....w....$?.-]..~...J..).~..s.9..b.....2..*MPV....T.-.7...os.....(LE...... ....?'{P2:.[2..........)Y..V87i#/;...i.?....}qoVVs...l....${..b..ei_...+Q.".*p.@.Sj4]?..i.WxgQ...>.!]9<.J$..U......w.vIv...&.1*:...S..lS...p...Yn.........|....9...I.D...l.%...2a|.AM.....K.!...I...5.].zG..ZV.y+o...N...@.).?n.F.

          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1008
          Entropy (8bit):7.792118370795774
          Encrypted:false
          SSDEEP:
          MD5:F2045C66F5E93DD93BC41AA8FDE71978
          SHA1:5AE5D7EFD28F8265696F063F28CFE2CDA5A2F2F1
          SHA-256:DA502130196888BC82C410EAE980D743C21933DEE901CBAB524CC66D4B87255C
          SHA-512:96315DFEE93F63AEDCC79A887DAC3693BEF0BEE94A449E09749D10A7905BA3C698748A773B6E39EA29724CDADCFF4B731425CC008F4F8450CA6F9E0F3E955252
          Malicious:false
          Reputation:low
          Preview:V.........I0..n..........n..y..c.{.C. =.....|.%.2de.....G...q...^.iH[..-L.Y.B:.Z..l.=M.H..;..`(......dn...k..5.iZ.F....h..7......2..^.Gy..B(.~..u.a...il....7.......w.XTw/z5..>q.oI..>.;.3.*(VC.jIU......knlV....-....!.....l.[r.^.9TH....Lt.=..% .w3...$y[..$vV.S#...Z.....3.*P`'.........fF....e.'.X.^.7..u)=..?.X..J..H._uA./.....2%...N......B.a..G3... n.6f...ObR.U.S....%1>R..}.*..O..P.RBg:...y.1..8.\.a....zK.9...!].|.........@Q...q~.5MNc]H.:j... .\..B.......e....k.L=..G.\f(2..a#a.f.m..Ah...F........lf....%<"....{..2...8....x...0]!.X....<tz5.....I.....M.Z.`.0......_..O.5...T..?V.j.`.E*....H.y..XJ.D...."......y..+_....]...q...Zb.Hm.}._.....C.c*10..es.>.$..-..gn..!...M......B...Ahh...\Z.D........5....?..;dG...4...fv...vvw...T.:...:.....TF.v.~.W..G_V:.t.K.H.8b......-@[...u..E.....pv.{.3.....v..gP..*w..@.c_>....OF.iQ(.V2l!......p..3.K+...j.....z."...7..l.Y.=.#s...Ym..:......n2.)"...!'...Ed}J..G..9.5...z."....q.8.Bp.+...n..J...i........J..i.........

          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1008
          Entropy (8bit):7.809449293968475
          Encrypted:false
          SSDEEP:
          MD5:A7B3104DD7283A293E977EF79250E58B
          SHA1:5C60CE43DA22B420331DB57DF962CBC56026101B
          SHA-256:0C7C2A563452CB138E463298E88F8D988C9705CBB659F8DF316367A16C5339D6
          SHA-512:F269071F4A3031EAB806D0422E4A4D9439E458F1B3357E841B2B1E6D4C4351F6A75D2E728B6C0EA4407A9296941FCAB2B0E4E438E397DBB386D58ACB7DE9A491
          Malicious:false
          Reputation:low
          Preview:....'_..<.....s.D.as.....N..'..H.@....e..M...'.W..bs.C9.% ..t...=...B...d..G..1.v...}N....r.<.2..j-...q....@..^...W...N.......6..Y.......wo....Y..r.5-...C.$.2:..m...f`&.P.Y~...D..'...=...l...mu.77.....&2.u}.1<.]F#q..6.@7].R\.....".de.(......g...H.~.3...Z.U.....e.p...M....A...X..#".!..=...q....4/.l.#......k9&...q..*.!cW.W&..}......>dX....nL..(.f......E).T...^.a...S#.+.*u...W..v....UZG..~..&.C.4........g...& z...@..G..k...cy)...b.[_.2.....Rr.....[.....5K.0[....8......."!..\Rn.=[..?.s..9..6%..x..r..{~h....j....#c.C9....F...qkq...&T.....-...9N.@.1.>.,...h.U..wz...M.7U....%..<..............[.......\..T..,*{...U.|f..h.t...........V..@..!..}......T.c..&s6{...s........0wU.21....._.G/9k....*J.."......@.P.{CD..&...K.&(.].tk.O.i...A.a^&.]=4.,wlx..T...........q%....R..B..]o"$...Q......Q...4.D..k.......S.......W...q-c.*b.:.p5{{NP..k..g(..!a...C....1e.e+.......bk_QzB.a.0i.>.`|Y.....,.Ca*......C..../..%}|'.i.eG.V....pX.;..-....$...j.>..<..O.........

          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1008
          Entropy (8bit):7.7566730606859124
          Encrypted:false
          SSDEEP:
          MD5:E7BCF495268FAF0C2D8211D9C309DEA3
          SHA1:9BF0904642E2EBB63E00EE62DAFEF2E8E9A36BEE
          SHA-256:54FBDACF7748911F79CCDA649802C8C1429F8EFCE777559035DA141438143741
          SHA-512:DD2D371A8EDDC4F721A9729A919D0E2550EF933F0ABD37957D41E563EACFC47ED0F5BEA9A8B27BD7770CBFED246644228CDD99DCD9207926951FAEB0F660EDDC
          Malicious:false
          Reputation:low
          Preview:..du3...{.zI.{GW.K .h8.s.........fh.DC<J.`.vu.&.=.T...(5..'-.,..fn=a.CZ....i .9.T.;.P..or=6...f.1h.b&.F8...d5j.*.I..<."....*N.k0...W.>...L... ..>A...I.....y..20...o..P.b.S.r?..-..5s...y...Q.M....D$v.\..K7..f.c......R....\.....rZ..]f.S....5...........v..jSm..|z..cA....d?...B.v.~t.......b7..;.....T..9..U1$...>...Z..pST..]......~.......MA...m_?.d2...d.g...}.vi^..dj?..pC.]I....._..V..:.06.lc-w....t........-udB.-.p...a...hP..o.3%..5j...1.[.g-.fh./..P..../p..2.U..2..E...U..gAh..-p..X.c..........x7.G)........sm.....C.....6...B.)..J.G.....Y.Sv..3K=,.q.M.$K..H../.j..6..E...w?.Y....6..z..&.mtwJ.PV....7.?|....-2{.C^[x..~.".X@....U_]......... ..-..%*...$...N.f.../5.f4r2..N.......E..4=.N..F{..".N..!.I...I...}.WZH(...j.2.x..4..`..%...D.:...&.."....xV.2k..q.G.'*-..W./.^.!J.o..........cK.........V..uh........9..........0R...8.!.G...c...8..:%.w.M......rr....0.....@&.#.3....... @...W............3..n..h...Q..%.i...J.H-.......&n.0.....3o.FZ...t..$............

          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8336
          Entropy (8bit):7.977824095879788
          Encrypted:false
          SSDEEP:
          MD5:D8E5D832EE888918A7AD77EB95E21C27
          SHA1:F8007D5E6051854F9290B5B8E6A784D54CA70355
          SHA-256:859FED8F8A550E3C4F01D53B035DA7300BF886965824E94E4F2920F71221EA9C
          SHA-512:EF3E42E415F089D97E427817B2CF1962AC554099B6026D448C33D6A0466280F1902CA7F5E4D9C6C1DF4898702AE5FCA8F2E79CDA512FC3F0BBE2E3C0BC0B503F
          Malicious:false
          Reputation:low
          Preview:....tS'.J.....6...h..j..3.....usU\.n6.c.#I{..9=D.5.L.>m.sE..U..uA.......r2.e...."O.$...W....ojTw. 6 Z..B.....\/..h.....*....w.d.s..v.h..t.E.{&.bF\.iLG..9.)E.>...7..W.5...w%..k.W.[..dX.d.T.r.A.SK",.....:{8.3.cVj...ee.h.[gC.F.@.YR|=.M....T..(.fp...C.J..._.."...s..e..B...a.`..x..O...4..?..q{..?MW.P..wM9......U*.'B:.T{...tb...}...^L.j.......Dn9U.O...zrO.|.d$?.$.._.)~..mQ._.Z./...5..n.&...2E.}.zq....NG...<..K."7.%5.a$...r..;*..j|...X>...$.=E..:..mR.#......6....>q..._...\o.f.......OO3......$..)+.g...t....B&..m......(.N0.L.?.n.....(..D..P^..h.w.1t.d@i.....;.h..R.X...n!o...>........rl..3...u..{E(....|..[.A.....8..:\..._.?Y..;..'.+...;...~.%[........Q.T.1...0a.3.@.U..)!2.r....&7.%....V9".iY.....P9.....(e....u.&O..T...=t.+S*.`C.....~{\..,.[..9../.....,Xb.uA....G...:.J.r.%.3....x|Vl1+P4,2{."Z:!...L...TY..#.R..........:Y|o..j....._w2...L.......T=r....&/.. .KN.f)..W-...Xb.H.E(.L..m.>.L/.1..AR.....e....b.1)...."G.]..EVF.5.^D."%..X ....^E.b. c&.gbV,.2".

          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):880
          Entropy (8bit):7.751650594901822
          Encrypted:false
          SSDEEP:
          MD5:FA910452A3E4A7B9E006585EB73A8936
          SHA1:61346377D57C2947BEA75AEED7FE89C294380660
          SHA-256:A00FB9AC1DB376D0E959F053E9118F006ADE8EB572CEF0FB231DDF445B76A7BC
          SHA-512:32A843B6C585CF550E22F010CC87D2EBB73D5CE4870EE42C0DC5CD6A92C5DE44FB03730F200EBB9188BC403CAC38E823794EEFF958A39CEC6241644B09BECD51
          Malicious:false
          Reputation:low
          Preview:. .[.'*+H..)?J!K......8....Q.Y....a^..v......{.....5..R...s.....#..<..e.%.`..[..,.i ...o..i.l.9.e<.n..i...8..6.,.G....C.....Q..J.a.{$.R....}kQ...TP.......[..".~@..7b.z(t....FY.t.Nq...+%d......s.YBSY&..1.;....X.!9.%...'.P.t=;.._.18.....1.'`q.]2..2Hq.Hpd...G._)v.}.. ...U.@.(...a..R\...v........Y|u!...J:.R.=..~AU.f!.z^q^.=.....J.fb...? .T.......G.j....6......y.*..k|........i..#;.`....6...1~ay-..DMx.'.~.h./.g.8iI..P..o.~.pC.....H{Xe9.pV.."..........3...p.r...-a`.o..j.Z.$.8...K.M.&]:....$G..-.6,!J....'..*.uH.....u.6.0.d..-.Z.:.....y...\.arm..~..$.....QT..7X..[..TF%0".....9...:.`.......,..9....G~.M. ..x....).j.29.Ns.<%.29.m.iW.^Vc^...S...-.$...i..V.....6.1..a/'..........i&~..|t{C.u%q...C;a.~y...f O8.]..h.".....@..i........n.&..y..........A.....A7ql.....T.[.[<...y^...q.Fm....E.v[V.....hL.. .#..7$..".x~.G7M7....?...V.]..O}T.......d.......

          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):832
          Entropy (8bit):7.714844065008415
          Encrypted:false
          SSDEEP:
          MD5:AA809904C2F118641B5565516C030D55
          SHA1:4513D364DD6A274988D3407B37D4A854E9F15EFA
          SHA-256:E997DAA8664848BBEB9240DD50E7F8534F7320974FC180DF3AA3985DE2716B9A
          SHA-512:7293E0C34AD21FB33ED3175CC5B6BF4A511A8AAF373AB91F54C35C718520951AAB2D904749F7A89421B5B874A1C87DBDE6B0525C8A8D30A7A4D136CD41F1D24A
          Malicious:false
          Reputation:low
          Preview:.jz.........|.7n].[.....-Q.z...]b.B.....'..!.A.V..2...._.....P.....(.,..W".A...B.1.'..Q.U..jU..-.)...4O9.)...(....4.2s...).I....&yHL.........gA2#..1.3hi>.B!w......T#..d.g.@c].M....[.F?...6/....}.[ $.%..L......2.*.@.+.VN..U.^.m&.. ./U.;.O~.......m...D....y..X~I\..$W0..@...b.1...k.H8(.....M.w.s..Y.L.n./wJ....*.h....1m./.<...:...l.....#.......~...A..+........yN.|...;....._....q`x.a...x.d....XH.._]L..ANb2~.Ts\..P.Ns......4.W;-.....R.... ..s...bm<HHv.8y ...6.~.B.'.gX..*......._..U...fQ....U..D.g......A.3.YC.OF^....6.N8.-|.....=....?..c...{.......x.m.G...#.O.#.$.<{....Nv....,...]... .....=i..:`....T.....\D65~...Xt...$.....dglh..X..#.VwUu!..t(...<+..}....J.I........;..W.$....vH.8^....5.7..VMT.i<.[D...:.7C..c..6. ...D.x2(.u..0o.|....6.[t.4c..P...x...).........P..Y......jW...".......d.......

          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):976
          Entropy (8bit):7.790853682430506
          Encrypted:false
          SSDEEP:
          MD5:BDE72B972A819BC50054D0CB894B1E36
          SHA1:9453CE0D06B563CDD086B8D597450D5154D8B90F
          SHA-256:DC20C58147D42D7277E211D7FC49992D96AE199503516D5BA6289FB02DB27375
          SHA-512:7F28522FD744184C182E991789F086BC58AE7FA1D9D4678BD36C9CD8274D3C2A757B4752CCDFC9448D3953D6B869884B137E41680FD0DC77BC57784FB302E3A0
          Malicious:false
          Reputation:low
          Preview:.t....Z%B....M.).^.1k....\....W...$...j...Z......y....p{[.G..pW....o Q.yZ..J.B68?....o.:....v......x...=.{.$..`.)."\.h.<4.:....x..:...pJ....[........YNAf..P.....L?cX&..2.]..d\..v.~...1...'E.y......#."..#u..C..........&....j......W...)M...j..]T..-9.b.L.p...#..%.9.E.....7v...:s.0..J&...."........'...a...1...H+...#6.....v.....2.........c..>.w.u../...M.n.l}.G......oz..L."p.i...PFY._).^...b.UP..rh.......:f..l.....#..>...*..1...o.v.~N....?.Jy...:.......T<[|.b%:.....-.h.........$..c.m..`)...8s.^H.../m 2p..)..<.....a.....@.pXF..s..>.....q..4...d............ .]..5.Y...~.:Q..~d....:_B|g>..g.N6.'.Q...CW..ZG]..?...T...T.9./O.H.:.kW".TOB...9.D......Z.<..y...g.....f....N.;....."...d-_<_...a.<V.T..n......H:.j..P.F.{..*.I...J3D....5A...a......F.S.5(..]w.B.N.uukn.l....A.g..Q.{..=@.6WgP.v...+....UW...W.K.P....w...P6.......3...C......[;.....L..x[/t...c..!.U1\Y?:..:j........K.h..M\...+..?j.+eG...4....lF..Uvk...f1...!.A...aPr.^.........d.......

          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):944
          Entropy (8bit):7.8054172257595305
          Encrypted:false
          SSDEEP:
          MD5:6F48891A59C07684FFA70EC2E9804005
          SHA1:E8A0A6108A4FC66EF1F62B88FA9EDC4FE66AEDF6
          SHA-256:4DD9F34F9527929CAA628F9D000E449C170E64CA6C2285477722F4573AB5FDC5
          SHA-512:D031C2A5716E839CEBA03E9E08E0316AC089A42A043D2CEB84C9236EC4EC0744F50944F1F88BA301D31BB2DED4C321519738C147049C6B323636A4F08D306596
          Malicious:false
          Reputation:low
          Preview:.2.Lh.d.4.U.'..)...{X;hH.gz.v.,T...V ..X3...<.u..E.E!.)%>.7.4h(]...r....o4]...\...D....Kq.T>".G.X...G.`U.3.p..X..s.+....$.Q...../f^.=.sD$..i./:.$lt%x.I(U;:.U..Y..\0#....e..FH'*@.._Y.:..jR!&.....Q.&..MT".....X....n..;/A....-At......a........g....6...?.j....m.....0.D@.iA._..z..07....M.2..........P..._..J.W_...F...>...U.M.>....nJ!%*^m....1..X.I.d.Z.J....?E...z.....x...x.]..........&G..O|[.K....m.6.ys...r.......Nvq_.7.t....p.bP.J.~.3.....,.C[..*M....!{.>.e.._c.X.t.41)...x.....#2...'...]...X.KV.~.gk$. .pkoJ.qf.e>.|.~....:k&..9......q..{x.q7.5_.....p...p.w...4V*....t.X.PU.!...@.w.=..Pp..)+a..`..l..@.;tW..g`nn.F.1.e.....5K....8.l..D...%.....XG.........qf..A.>........G......c..r..L.M.....5L...c..O.]A9pD.?....}.d...$....1L.q...(..sHra..3..v(tv.j......HQ..%.:...9.8.. .............7&Y.et....{......).G.^.=..j.z`L.C..=f>.q....\.v..*g}.^.|......W..$.j.>WXD..y...k.v...............d.......

          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):976
          Entropy (8bit):7.788437839371574
          Encrypted:false
          SSDEEP:
          MD5:E48A9B3F101AEA3637221B5DF7AD7664
          SHA1:7FF9BB6EDAC74C36BE9474C66D3732FA69B482EB
          SHA-256:7C1D6D7BED19856DDFD43E0CE43B4BB9F4FDA10CE2C4AE0A992377C58A8D26CD
          SHA-512:64129147B79CBA58DD4E80611C1C4512F7DDE3E0F90ED1561C42ADEDAC4FFF5450301388FC87B4C3019CC4F75C66099B01B22A8669C8A86CDE1D25997CE0D8D3
          Malicious:false
          Reputation:low
          Preview:..F.P|..6n_.f.../...'..../..D..?b..L.F$.^.....l...Q.F..&.l:/..N...>.x@..$...:.$.f5.S...AC...5...o.%I@.v.y....3.....f,...,U;..\..>@..2....>.!.. .Ma.c..S.^..2z..\En1.,..OJ....W^.0.u...I....*.)P...&$...X.Sz....Sx...f.h..V.U.P.K`......I).c..;t.4...L. ...Z=..q.p.a.V[......l....y......W...Y.q.5.8FQ..2q.....`.....k.w.M..p.l#G.A.^.t....z.(.J..2<...e.V....^.1.3-..^~........:...../h<..U.,b..B.. .9.?(f..|R.J.WRT`?.D}.E..kQh....y.2..+..}3.......iTp.F..\.u.+.^\......_.<F.ecK...Kq...a...c.!..1.L.7w..wt.O4...9z.w.........m(4..D......}..BS....f....\0.&...U._...S~........$`\.qdU.p.n.d....Q.S..@s~ X.....8B..T.$.&s......Q............bCR...P..2..|:..R...M..s..i..?.gCO7..$..6.-.@..6..B..+....?dQ.(a...:S@.....N.k.'.....PW.\...4~.GPq\......^I.p..S..~...2.j{...<.HI........wnK."....+.u .M.Zf/.../.*.T....b9..W2x...]..l>.uV.f1...;..x.p.....I..i.....r....... .K...|...V..1....S.^....T...&.A{.;.....Nu.I2.6...#..:..cA{!....1q....e.7.bd........d.......

          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):864
          Entropy (8bit):7.73889693217948
          Encrypted:false
          SSDEEP:
          MD5:DFFB9325A24B348F5E79BD500B1EAA0E
          SHA1:258BDE54B378F44CD1443BABACAD313270DB8EA3
          SHA-256:0B26D8A3F203438E623E29FDA1E7890C12DF3F9A5F9354AFF3A36264B4FBD3F1
          SHA-512:FDA1A57EB5052663F40B5E385F96A980FA58E193D01D1C31448895393117267855C9A636F888860DFDEAB8587CCD3F16CE6B8483994ACF509DB20C39D15E9F82
          Malicious:false
          Reputation:low
          Preview:."....e.G..l.G..q..?.*..Eu...[W...x...,...Rb.<..S.....n..0..}........B]&sM%.*W...h:.).Qa......B.Dz.>!...%..D~.&OF./.G...M.@|...1.K....V.....J5.QSD...j..,w.r4c(...._#..\o.H...:.....EH.l....B..[..U......(.<..k..n/.j4_.....E;.#..5..A.."...'.......&kf.{...nn3=....B..A.]p.1$.[<....{..[.....Fb....h........UnH.W....O...6..7.}>wn.j+v*y.E.e?.T.l..oX.........E/X..`.YS"...BVOPc1^...,.....1....Y/...(.......R&.....o` ..|\....."..T\;Jf'M.\^....I...Gg..x.^..O....2....SM....D.1..../....k.u&.oW8.......r".7...D....0. z........xg.._.t.G..8.\n...o...e.O...uHZ..!.5....S...Cy.b...X.h.y.P...wyYWZ.Dr.q....UqP#.O....y....q......q.."8e..&*....r.......%....B....*w`<l*...g....H........G?....-y#'.D....{.8?........./..C......Q..Ci5Uq.e<...0.p...*D...XWh.hF(%...)V.&W../6.....9..1..u.....r....N.q'...`C.4$zf ...Mlg....i.(...GZ..;.J.......d.......

          C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\0077PHFY\www.msn[1].xml.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):544
          Entropy (8bit):7.541219641863192
          Encrypted:false
          SSDEEP:
          MD5:42FFF3E71B2E8D36E0FFA88012053263
          SHA1:087195BF04589E38A413C8417300E685BAC7B46A
          SHA-256:BB629E5F28EB3A9BB78E82456655E6588F6EFBECAF97ED831DDDC80B6614C5A9
          SHA-512:26CFA4966D707B5E26C5362B14D20F3F1BC11356B2539DDFFAF8FBD1B16AA323241831C81738761614B1C865BB37F3F5BD0C91DA49AB0ED7F71458E02962511B
          Malicious:false
          Reputation:low
          Preview:5..,..f......>.......Q......y%..#.Xm..5.>G..W3...W...../..X1.hW.....T..nQ....f.l.....%..G]."......5.p.M.....`w...2:..Q. ..\.h..%.i(..!.....*.........n....."0...... ...i./.a..#j"...q...J.D;.I>NL......=.......2...Ld%'.k..t....=....QN..O..nA......`J.....E*r^+:,.1...~.9.ra..q!........v8.K.k.....S..vQ..>.K.b..9..s...>..s@%p...Q.e{...DnV.G.H(."..d...C....tR!.....;_...;....;..i.V..*.g^.....^.0tzv..."+G.?e4L......[..(...6Q..2~.A:<..|K.Cr.S.1...m(...h......8...z..My...O.s..I.l...J.b.._j.r....S@.....G.>........d.......

          C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\25Q9PDXU\contextual.media[1].xml.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):544
          Entropy (8bit):7.583640027261246
          Encrypted:false
          SSDEEP:
          MD5:6242AF0C15C38FFD8278DE695AFB68E8
          SHA1:237AB962674736E265AD9ED33CA378931E8C6145
          SHA-256:F12F4176786A702900B8716ADA18A7220495CBEC78371DE88D7971703F5347BA
          SHA-512:5F35D9DEE9204C95E0F3D1FDA0061D83621C6C0DD6F336EA5DFA87A1E70E40C40B6A2F3F090019349DF11DEF241010623E55AE65641F6B90FFA196D564E60E93
          Malicious:false
          Reputation:low
          Preview:oOBV..s.....'.....k.l)....i...w.+..c..[...B.W...w.."........r.2.Z1...".....2..I..b.u@..%..].8....F..4........B...:..A=].t.H..@. |._....N...f..m.HRu4.~6H4..LI.*k._.;......,...3.M..~.C..e....2!f.6.2...h.-..V...D...ko..H.......s/......p......ZE.....(.....<.=.E).`H..p.h.....k.H.....=U...h.6m.wA.z....N.h%.B|..I...Y7R...$.v#.t:.3..@u.V;...^..7cx..=....j.....v{...%.Lu..,....:WS.Wl.L.K6........Cy l....Wq..u.`'......7...\<T.Y3.7?oo..{......q.3s..e..:p.Z2.T9..."n.4..1wY...M.b........b._6..8../_...<.S...!........d.......

          C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\LXWLRH90\www.microsoft[1].xml.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):768
          Entropy (8bit):7.70730868472621
          Encrypted:false
          SSDEEP:
          MD5:3E0999A21C6C4708D3FD9339CB4842B4
          SHA1:8C60F31A8821C9AB640935B1E5F9E528923B8708
          SHA-256:64B44042C2EF773CA3C8B4C58A205FB438FC7D8661541FBA64252F408FE56A9A
          SHA-512:EDB4412DDBCB63B1F4B82C3834B80D9D46EC2F6D3F8981C2B908D3D7ED14F9AAD44445E527C4FFD9B23A39230D7F358D0D4C1099F37C56AE51FBDC5BDE8BE5A2
          Malicious:false
          Reputation:low
          Preview:I..b.z...O)XZ..]..5...0.sl.(....2.oU_U..;..~..".M.. Z,..^G9.].2...........u.2......#d9...f..~.Q..H[.G.j..-.yNm.Vg`!.$.-.D..`.l.\.C......v...i(...Z+..."./...^.V.?..V..5.....4.@.M}...*..S.fIY..k@j..6w\...8R5...Jsm.o......)e*..]2.;.W.]..o.R.U.'g.+...Oc.....G.4....p.C.s.,...!.D.~..Je._....!DS.?.f.\..&P..-.75.y.vF..}............O...Z|..."...z...SO...SfR5...{.....z...xy........j...W.....F.Fp2.q.Ar..z...\ x!W..]......$M...h..?>..k,.......#......f.`m.*...xdL.....H;.. .C.";Q...=.Y...Nf.M....)...Nt.#+......,&n...'..*.#.T.5..8.}.*.../H....p#..q.....=....y...A....*.v.9<.K.?...._...#...G.).M=i.,6;#.[.....O.....A..."....N.......l..Y..H.H.A.M...T.....KS'#........^.l#.e...s.-.uYQI.".%.I\...@M.....E.>.|J.. ..^..I...7+..6.........d.......

          C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):4816
          Entropy (8bit):7.96077216157337
          Encrypted:false
          SSDEEP:
          MD5:D81CEEF2B2831C9D1A87B4C94E05835A
          SHA1:A583E97D808D0594B300774E098635876EB20697
          SHA-256:099B2D242D914609DBBC41815D50B33623420288A0251938D59502344456390C
          SHA-512:E2915E79EA1BE6E84C50478DD0D24BA6F8A45720DBCBF0CEED6A340D9AA6D7ACAB630CD82212B3C8F65E8FA7490363A413E5DFBDB1856648FB7444472D847FAD
          Malicious:false
          Reputation:low
          Preview:...?te..+7.TKi...T.z.V..,Z.UH.R.O?.$..........QW[..[Vw..y.E...[U.?.~mR.T..l^5....J.`~..h.!......o%.(...@....(R1.y..i..X.@g...K&,..f2.....8J.z ..[......v_0g..{ZU....b.".,0.....QS..s..M......p.*.....7>..8.&J.S....f=q..B...FlJ....!.....-...{r.5W.LM...K._+.K..P...p.El.U.g.^.*.H"..&d...F.=5-..G..=f".j..C^'T6..u..^..IFq..<.h.l....r...q.e.x#0..I.lwu....[.l..[..........T.s.'G......8`..G....&....q..x..R8.|Izc..k".Y2.3WB..._O$.hY=J.....2E..... .?.F7.f[..]...%.5.Za.....W....VJ...1Y.b5...LX_.y..z.S...z.U\....T]..+....j `CA.T.|......$/..(I.,...X.q..<U..[0,...x..o.-.>'.M-./.7T..a.R....F.`...7..y.g.....?'c...!.K.^.\suIT0L(;8Z*...F_y..5....7..........3.........Nw....e.K...X.}|.\....,.UtJ{..*.k.&|.....$.9..]..=R.M.5..I...l.NNY..e.....s..".'.A)TDa...X[Q.(...B.N.6.....a.o.J...PCv,!W..B...gx.c-.sE.....Q.a..........,U/.e.......e.~).1(.4.6F2o...5.4...4.8a.(...BuE....!...8(?T..88}.....a5...$...<_...........3.)*9.9e.....8..|N.=....E$.F.8.!7....$.....@.q...

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt21.lst.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.861893026258517
          Encrypted:false
          SSDEEP:
          MD5:80F9225721EB7021324B0589CCFA8A18
          SHA1:9290CB1149FDAD322F1F52F5C59DAD8CB0F16DED
          SHA-256:9CC7EF88D0E93D00621507918D30BA73D44A83DD461B20B572B8A380D4CF096A
          SHA-512:E3F2F23D8EEF169986BA00613F4DBBA0F30BBB410589F43F8A24B62A06F7497DF15C92478F9E8C7365A84134CBC8E83F022D4848B2D9410D5E66BF80ED8945EC
          Malicious:false
          Reputation:low
          Preview:Z.+..V..t.(Xw...X..~`r.>....FN..E......,.z....a4.....6w..z..Q,/.#b..d.V3.,.E.b`......YXG...S........,./.yB.w7...>kV..f..../....dg.j.K...q}.....*.Y.VSF...F.}..:.K.....[."c.Yr=6.t.yu.s.._.Y...>xx.[.,..z...:..|.....o....c-..Y.r)....i..c.t..uK+......+.3..#......L.}7.u.]]..c...eJ.q.A;.0..Klwm....m.h....[....e......d.Pv.....}.......d.G.....{O..>....r.k..o...s..(.a'.%m.Uw..;w..M..g..:..5..>e..F....o..c.:....K*..PK......qg.t<.p.........h.Q.. 5H.-.;d.LL.!.G...nP.......{.......J...fO[%?,l. .Em..a..m0.......4...).IcNZ.......8#.........vO.....fOR..I.z..D..-t..)..1.,.I...{U....4E9z.n...L].q....~.z../..e.l..!...Q.*..m......0.............fIHh...&.i.....).....EL.WZD.._..&."..w..q..A F..O./...u.`IW=a...J...PG#."{6.w>...::7......U.mU.!9....q..~.Y..=.h..;..&(...U>.........h.T..Z..%W.?..y`...1_..V.i..G7....ID..S.*Y.rY.h...NE..R..Q.&C.-.$...w.S..|.8.SK...H....Wd>+.C..@....0Q.c.'>...-.......i...v~....7e.dR`.r.,.1.#..|...i..B\.. ..V....'..g..f..w*.P.ivy.qM........

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt21.lst.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):101216
          Entropy (8bit):7.998144150164038
          Encrypted:true
          SSDEEP:
          MD5:EFFE9BF2CB0208F4AE967644D6BA88C6
          SHA1:93574C643C94B4EC1BC21E27A4319265DA6CC37D
          SHA-256:700042E2A6C5D81DB7B0F652778093F658F2E8381C90276DFBB7E968FA80DBDF
          SHA-512:7783179DA162B0C63E0F316C3091F36BCBCA003C28230D3A22B0EC311194C42B337EA4187F41A6601BBA77C3E5F86096B8616737848613069753F3E1ACF06C7B
          Malicious:true
          Reputation:low
          Preview:...^....H.5:.|.dFd0.B6..~..VdOLd.N.........o6z...PM.G...?,m.t..#...q..%w#...7e2....k..y..`.|.@.e...-2.3..f..WI.;M.......h. ./"UY.,..:......R.....a....{s=.....^>.aR.1\..D..9.G. w....w..&}~.<...@(;Q.4x.}......z.GRU..m@$m..!N....2...w.....w..D.G...dL.EId....P..=..4.=;...z.X.Z...d.Mb.:.u!."...|I7..8U..N.d5]......./.s."vV...^9......./.o.m.."n3u.Kw....ba-....M).b...0...v.C._.7..P...c.... .....p.....2L'.....U...$u.a}..s..J..b.5p8f{u..)...I.]....... ./...~.......A).....!..4....5A..`...).C..t.4HbX@..s.8...)..[.~.....f.BQ......J.....R.,.G.8.U2y.O..'..L.b....ou..M!..>.....;....5.j..(J>P..f=.~.W.........1=. ...4...@.Tu....f....8C...p"P.....%6......!?..d+....+....46..`.....T...M/.VW.( .PB..Y..).z...JS..k.Km3....!Q...R.z../..Q..e.....1:w.)=.N.cT.(.].Kt..Z...k..n...&..-.)...le.U..A.%.....V'{...0..IZ.!H.J~i.i.S.* .:n..6(.......P..V.6.)..5..w...j.U....A.}V.M.5.$o..y.....m.De.2&....$.[.II`.......g....^...,/.%..Ln-bM'N..2.0..S...R.z.....'.. ...........#D.R..

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt21.lst.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):10096
          Entropy (8bit):7.983750017825435
          Encrypted:false
          SSDEEP:
          MD5:4DA4DEB53245A47A654319B534F43C12
          SHA1:90B715D61739B68956E9B63AABCF082F9DC72783
          SHA-256:AD4A52D0BB3269D3F10311421F4F275B489BA3E9DD4013354D6BCBA278BD45A9
          SHA-512:982EA4A2FD2E7065AD13220DE712A9857751CC207BF545D04A125AEBED16EBCF5D43E38C6B63AFA408E8C1D1ED38A10EADE4C8DF93255856D3F3451FE006CF87
          Malicious:false
          Reputation:low
          Preview:....Jr...s>......r*.D -[..=.Y.Dk3..>..J. .q<.Cb.\X.y.Y^B.<T.P.$....Y.K5P......AQ{....:......N.F.......nN.....6.}.]...`E..?Z6...c.Z(.EL..L...r|M.ld}....S.5.p.....S.....C.--?....Q.....t.S..{Qn.LbO.;. O........Q.....[W..(.Z.)K-..R2....j.\r...w.*..XMY...J...L......d.7.&<...Gm<..b....jY...S.....!..*...{.C..T.f.K.B.]....B4..A.5F.....y..Vy.2..A.'.vN.D_......_. ..,......vEl..!...d.j.k9L......0$...X....O.=..?....0.........._...q.. ..i).t...4$...>.............F....lS...b.u.1..0 ...Wg..?.$.........b..@.x.y. ......9.........8&......0..Rs....."..L..G...K.CX+x.*.....M.W..#!......%.t..R.>.L........%).F..]...O,$..~CRkkT.bV...p2G"5.>..<....R........[..K=.T3.&........... H..]..F.=..TQ..w:.7s0z.a.{..Q..+.GY....g>.?mE..q..../.D6e..c.DG...3G&.A>..Al*.AB.@......N.W.aR..G.B...|. .........@.D....v...V...XJ].d...|b.Zl~.../.5.....:.:...i.0H.....P....j.p..0.`.FN.../.7...0...!..]........(>Ps....*`C.eV...b WZ>..fyR/....%.. ..Zj./......t.6.z.jw3.G4.v.w....>J.~X.

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):313440
          Entropy (8bit):7.999476727508552
          Encrypted:true
          SSDEEP:
          MD5:35CEFB630309B0C08AA23480C861032A
          SHA1:B027DD16153ECBAE2E6BABF620A3E6D0BC3EEDFB
          SHA-256:92EF0B6F677DA6BFD3A72EF85906D88F43E0C31A2B0FC91346F74835E1F98746
          SHA-512:2F6153A97084E1BF613F637EE0A701B21AE35CD89EB80CBE7D011722948AAFC983D997D666F500F9FFD68917D986E2BA592C4780F397D81192AD1000EAC02B99
          Malicious:true
          Reputation:low
          Preview:6N..hd.3}K..,..s........j.]7.I$...A5yN\*]FH^..+W..Y.._E.@..t2C>.."5..g.....5.+..K..bL.....h....)y..Y.U..@^.....vC.r..2c.......s......T@.P...X.n..9.....E....2.t..+Zdh.....>eM.:.....mU.)6.. ..*..1.Y........O.....,..5.......f.....q..........v..t.K.U..J.i.m..s;.b..........e>f^*.hu....Z...%.&...\=c9.2...]....]`.1...26.@.o..!..1.B..w.R.u@...Y..o..G.&w..j.zP.!...\.@.i{.~;c.m...O..P....WC..c.~......$..I....../?..YC...N.5.Y........v.....1?,.p.........0....*..6.<*ri_&S..p.S...R....P...P.I.'.VG....Z.OC->.+.(-...D..y.{....v>&j.U[.^H.GI}....^OO.+>.~v.| .............1.N..U=...fKmz..3.$..=../.=.......g.....sm.....a-.q.5...s...........7i.\w..l.1...rNf..Y.m{..5......%.6.\..c.0..v.l|.0p,..\....u..r...,UPf...e...?."........G.$...&.l....i6.......x.n\...}@7.<;<.l.D...2...H.Qb..2._....=.qw...~..X.!Z.bO...m\........J...$..2.&._\?.].B.....W..@...D..?(..2...dG.q...=..%%..[....h...m.. ,.F....~1.......>.....qK...,......jO.S...rU ......N..O.......HN]`.Nq........c..

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):544
          Entropy (8bit):7.559914968668857
          Encrypted:false
          SSDEEP:
          MD5:8BB2F7AFBC6F93A66BA3178550568244
          SHA1:E92C293965A29A4AC6F132A6C2A035C29999EDF0
          SHA-256:E3FC3E9C24DA482859DC42F695D0653B7CE79F00C1BB9AFF713B577CF1C63416
          SHA-512:72C6FCC7D4C18E5BFDA379AF92F88F7B9DCACE02999832208E8B18902C64BC7B2F748C6523E040C00AAA997BB165A716A7EB14070640260265BB32AD7EFED3EF
          Malicious:false
          Reputation:low
          Preview:...FR.Dk.qiP......-..........3..ZG....L^..j.N.q....!.....B....q.8D!.k.t....:..[5..H.~..'>N._...).......].!.7,..q,.........d..^..... ..N....<.............*P....t..s.Zo%.}#Id.-.."}.Vr....aC&...y.N..Uq.0.,]`.=..E.j..%"K.7...O.......5..G%...0..ty..t.....<.k..a..,?@..a...,.sAX..?..ap....;.1.....qDP......3.......*.]p..P/.@.*...t'......d.4..,.oN......_......K...............;.b.3".].....,l......>.i?.....4...=..._qW...!..S.U'....MB.{/W...zY...)6.......L..6.....g.D7...V....U3}...\../.b'.?.....\..1O.n..>..H.........d.......

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):672
          Entropy (8bit):7.686640413117219
          Encrypted:false
          SSDEEP:
          MD5:B9859BA5BBEE66E89FE5EF18A084EE41
          SHA1:B12CBA0CBB21A213371A0466FE8DE4A573A8760D
          SHA-256:6595837FD3EBDFE0411C27976AF8E294DA69CC36103ADF3E54C98C34CE8B228C
          SHA-512:F327924FB215084E4644AFE5A8B9DA9976233B00FFB29F2EA537BD67AB63F5E4812C6D990FB216DABFD6719420BC7BC164B343FD67783AA2E5686FF78DF3C51A
          Malicious:false
          Reputation:low
          Preview:.FO=e.@.F..).`(.p..G.X....k....L.X}.<..{. .l......8d..Q'y..^..I*...c.*$...(.:6z..>q....R.....a..X.L.&DR,,}.....~H..GkIm=|....+w.$UJ0.`6.f..A.fJ.j.O{...Oa.Q{.b.w#8.B..'.Y.4.Ez...%t.......+.h...y. 6K..6.m%>...gx:.K.:...../..u.w...7QG.=56=s....%#q.Z.\h...+R..w\..0..$\.#.G.$2...RN...J."a..@..;=.s....w\5.......63.U.k.@{).JO.p.0"q.....V.."2-..9].Pp50Xa.O0..`..8I....Z...xfr].\.......V..p<.AH..T....k.8GT._.%t...?.A..*JhV..2.c.Un.p.{+..{`....g...G..N~.G.......K.I.o...K.D.K....x!.+...a(...._...my...W.N......(s..4l."..2...J...c..e.{W6.E.....w..{xFGJP.;.>...ls.F....i..5..}....8qC..).5SY...kD.{u)..o.i.W..<.....E.d......A..I.........d.......

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):12816
          Entropy (8bit):7.985555674984105
          Encrypted:false
          SSDEEP:
          MD5:E70F7EC726D7BFC0967702D5994DBE21
          SHA1:F4D58D3C6C788FE056F5BFB54F2BE0C481CE167D
          SHA-256:0D2D600A9D06C84E4C9B7F540864306654E0E04C80B233DEEECD031C5ABA8E89
          SHA-512:F5A555D0909C4244873AE9F5D5C4FFB12774CD7818C280A51C0ECED991E571A73E2C49163C0C97734BC21A77A2E223934FF8EDC514DCF9DBA97B4CC8F22B6B9B
          Malicious:false
          Reputation:low
          Preview:ny.....Y.&+..).h......&...il.&.\o.].ht..k*......x~C.a/...$...1..c%........@z.....1.._U....`_..........33.]...I...?y..i.^A..).k.&"m..2%......|.p.t7.4.`.:$.!i...Q..e..d.?..mg..RU.H/..S..qg.........@.O...g.......^N.|....<.<.`N...>..$..`Qcd.@.(Z`h{..0.>..q6....o.Lm...$..=..*[.:...YI..=I...._...~k{.D........C.i.3G.........-.$.,.%..^S....d....dY2.?....(32..+.lkV.*.(=1.SE.fe....K......<..).LO....l&...%...z...t...hL...LT.@../..Y3.xf.U;.<...Y..*..Cx.K.bA8..P..m....]<.bdb.0r.nc.@9..+.......... ..e7..P.Jt.N..<.#P.....=....MPb..?....a%.;..h...i(...iL...O..j.H.Q7..2mBE_U.}.>g. .D...h..$w.E..8Y..O.IG..I[6'..5.9....O.P...O......?.r!.<w...O..6H..Z..$}Z.......l.......C.6.";+M..i...............X.D...|).b)..T."W>..-.h.../u.V......g......<.K.5.A. .........8.^.w.7.l.E.Q.Q.$.f..!k....}}..SE"..L.j....@i...rNUop....:....5(....U.S!L8.|$C..B..z..E.&...`.64...-...6\.RyB.UZE..:.?..>...0...5..z..c.:.E..J. ...=.5.+.H..@..aj.#.[.OI.+.u.. .u.4.M..%..z.B.{...tj4...!..

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):40928
          Entropy (8bit):7.995728002758148
          Encrypted:true
          SSDEEP:
          MD5:AC6CDFB24BE44D3D05F3D12589B1EA83
          SHA1:7EEC74DF9C4764588C5CF73BE513599D1B51ADE0
          SHA-256:5994F4B3201B14F1BB6B0147C47633347EDD58DFED0BE03701D3BADA586ACD1E
          SHA-512:A49C72CA72D62131A47D434828EA787C8E7A48F320B1A7485E9A8D3DE2985947BCDA27E0E86DECF36322EC0A53D5B38E828AB0830F2593A06C627BF5CF8E12C8
          Malicious:true
          Reputation:low
          Preview:..i...P.>....B...9.9.......v....I.........^D}.!.f.Y-....{..C.3/...Gn.. ..B...}.'..F..[.W..K.[.\1..7z.1F....&..k.O.-u...od..(..o7.g.g........Mh.j........Hy&FL..P...Ft.0....K.....j...s.+.X.&....Nu.d..H..?.....1M...i..\a..$1....%.....H..Q............ L.5.F..({.....bV^.L..rW.fB.f.3..(...R...vM.p...~..r.........\..ID..L."..C..Tl..-.'.q....:J.J.'0.f..-.....i.x..&.=y.......p....~$.F..\o<h..l.....x...0..9...r.F.[.q...I...h~.......yv;K.D.:+..->~5?..v.J.u.}.....d..t..@.).Q5tT9u..Mm.^..oZ.f......yY..!#\......h.v...6....=3$.v;.!E....j..mG..^.".7I.y....1/SH1j^.&v&I......-...U...c....&..{..<....^.[.._...Z....?.R..#.l.~...@...M..H.B..;.........u-.eC.pcF...E.g.F.G...l...-..|..E..J..R9....-..T..x...\.L......(.w....B...'....8V...~.s.d'..A..(..a.t..Z..K...;<..=?.^Gs...........J.X....$.. ..\.P.. R...F.E..o.ZsL...L.i...{#j..k.'..Xpp"...xXW.):.t1...ZU.....Q....}.1sad.6J.....p\).f....@E&.0...\4..J..y|?.....T.f..0.!. .z.r.e....F...X.'?m}.X@..h2.B.zI..@.....]

          C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1136
          Entropy (8bit):7.811236285939103
          Encrypted:false
          SSDEEP:
          MD5:B8B4E5EACDB44F6ED41AF5B4DD98A9E0
          SHA1:2B6B80741838FE73CA9FF027EE4764D72EDCA31C
          SHA-256:7FD5C2238442C191788DA7EDC0F7D009C570E63F7FCD6287B918D49FC50B2039
          SHA-512:33D3A4F44EDCB46835C703584135474158D059130DF65554B52B4A29C11BC878341B80D65B242053591B33C38D61ACB901C5DB269DA44817CD2D8F90AF144B88
          Malicious:false
          Reputation:low
          Preview:............2.le.h.v........D1..F.{....u..4...^.l4...x.Ms....V2..g@,...L?.cr.*c.C..-.L.!.ye.....f.d..WK.hi$..%.[=...ao..b.q....T../..^...\.5.K........u("..>...nk..Y..D'....8.vn'9E...b.s[B."....M.PBX..<~!v..c~l_.t~(A.J.....D.....#.z.>.kK...R{)pP...F..D...G8...8.?."e...........p*...Jd-hR.6sc....X1..w:.f\.c.1w@..3mR%X..n.;v...6.td..>.>o<..!..C.......V.....I.I..n(M.$R...|J..&%^+;......=...-*-.n..g|pS._........ML.L....k.........v.~.....=...J. r.\R.k.I_...u...1."?...].2.s..v!..L.{._.-....=n7.:.rF...F...>.q r..R...I.wq..0..I...@.....s.l....C1.:@D.+....m......'.0.?s.Q.DL.9.z.[..KFA.s.g.Xv.J..d........."2....F+K7@q..>.C.`..;f........ ......DG.`.E1..]~..'TJ^.7..h.+....(.n.yV../.....NF~r?.t..P5...ra..jVqjg....+.....A....2@......>..%.s.j.R..r....-y...Cy).%.......W...ox..je.u.GK.....*dT.....-....*.q..a._zm......G....+3..Y..}....+.....lp.v.,B=<v.._.w.....`........&.9d]..).i.....?...fqT@M..I.-z...I.k......E..Gn...sx.V=...W[)+......b{.cKP.b....

          C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.981534837301556
          Encrypted:false
          SSDEEP:
          MD5:065C3E18A2A8B7893F463025E10AF503
          SHA1:E7727B250704F21E3CC59B77BF012AF6D3028221
          SHA-256:A2491A07B224F2F4BD3E5AEFF03084C8B9BD6D30E511D2414EA0AC3CFC421BFB
          SHA-512:5172264809805D0FBF5232E71DC7BF9045921F7A9B131A285EB6946BAC7CB746FD7772DBDAEB23CE2CA67433AC32700AD173DE6A6016241806FEFE17885DEE85
          Malicious:false
          Reputation:low
          Preview:c.`s..zu.O.R..."}. \.DQ.].lD%.H..|..o..9J^..Dnd...=..#.....[.g.;.nz....y...Ok..k1....G{.....+....U#.LH..).+g`...-..WF?.E9..E....T.D...Z_[;......F].h.q..Cp......b.0'.D..,C.kP..T.>.i.~...3.CO....L.-u..d)hD.....<..q{..io.=..u.z\.VtD....5..l.m8m.k....t.tu..g..f.\b.......H3...S...kk4....8.<...?S.....x..p2Z.`Z.v..9....^/.."....j.m.d=.....7t_..@!.K...l6y.........7...#...=0..E...uf..C.P....B...mm..mf....6..B...1}%.)B......J..l...M...y.5... Z..P.!2......AT5Rz.yP...%.`I..J.o...U...^#..4.].E%]...{...Ncs..Tf.."...i.. G.MY.t'.^..xW@r..........o....M,.#.wQ..q.b....I...v.e...2*9.\.Q..L.A.".....FqZ..d.....V`5..w....s.eX...8_. 9.*..3...XG...m.t...|LI......| .7-..>......e...P...f.t.s%.+%u......AP. ..S...1e~.j....Nn...u>..-pG..#}.a.F..`...Q..D..~V*&X..!...-.+.:..-/../B.9.=U!o ..6.;.@i\.....l.9.+Y..q.....+..S..=XW..M..Y....z.../i..~..0.0....C^...v.../..J...a2./...4.w..X...?.....:......V.......o......`...k"...&Q.s...(...6F....w.k........Y:..Q..8:...%z

          C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):3146256
          Entropy (8bit):7.999947166514824
          Encrypted:true
          SSDEEP:
          MD5:4B6AD1370E3D3D298EAA6AA384679D37
          SHA1:646B8EE2C272605B8B4C96AE0B6E5B591827487B
          SHA-256:1384F9677B8CA2DBD2FEABA06E804FC0536419AA79850934D0D5C3927A8AEDE2
          SHA-512:1E5D37B0E5E459B96154B6C1588AA92561AA558DF3FFCD6EDFA1D4D2C4F7D344681FCFEA9143B6AAFD9CAFA5C512CDBEB2158336FA2347384670219C4F1EE3B2
          Malicious:true
          Reputation:low
          Preview:..\TE...]s.|..kI.-."..g...H$.f..!.s.QI...$J.{.%.=....(....o.D.f...u....c!J...%.Y...c.V.?yY.+..4....q."Y@......[.X.\(H.X..0.`7...u!.o;.8...N....~.2].%OBe.;s+D`._HU...1(.,....o..#0..YeX,...'..#.....\%]...5.4.."q.4.S%.....,..P3.'....g..(*.zw..fl./.V.^)8b.......@..P;k..TIB...5..'.....VA...;.z.....hC..*..7..S`kH/5.&...5.c.n.a...- ?p.h.....:p.?.8t......?!*....G*"....;_Fb..|F.1I..e..C.3k..f.,.(........3.A.)...a...gw.'b.}{.......#.0..J).3..}..(.s.. ..S....g7.Y....=.bW.t)..i9....]l..%o..V.Y.._..O.R...'P.....a.'6. ..|{..!K......PV......c..z..R.....K..Vr...A.kG9...B..(....J.....l.,w...k.{.L...';....$k.._K..\.<T...adA........$.Q..H..07(8L..).F..L7....&t.-..!.'E..y...H..,|...m..T9....XG.s/:..@...N.~CS:o{.Z.j...n4n..g..7.......jM2.X.s.......x.....p&=....I..l2z...........n,X.[....).+.I<]....[.M..s.~?K.T.{\.z...MB..,M....."...'..j...;a.J..:...@......p...iGT[Ye..v(......[..\..qn....7.....H".5..O..+>M...F....{4..%.........'...E=.....2.../`...P...

          C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):3146256
          Entropy (8bit):7.999939517297453
          Encrypted:true
          SSDEEP:
          MD5:11FCD78A4C39BD290EDEF37F8E317748
          SHA1:152363180384EA8A3D8EAFFFD294A9229D805AA0
          SHA-256:391361C77441EFA02FA52EC6947B9CCEECA69B1997C1776582F32B9E1856780A
          SHA-512:DDC577680C90F08C4B17B15E7E9ED6F8B80CB3F7CA0E24EDB41D69356DCA25252CB27A50CBD181BC983ACFB9A0FC810C6570DCA79520424FBE8A2978AACF1E0E
          Malicious:true
          Reputation:low
          Preview:+w..q.KD...:.o.~h.ot.U.......D.}9.u........6.M.m.C.I.+G.n...c.M7b.J5.D.|0..?.....z5.......m..9..e.a.5h=T...wkxz..l.M....sx\.........O=......E..[...b.a{....k.`X...{....?.cE-.F.DZ.a..X.....Y...T3*.S...$.=8.No.+.%....Bq!.^.S3..N..!Pt.n<....SN...RV.....a.>!..kpZ......My..5..Ct.[...Wd.z..GPR...].k..o.......u.D.X.?L.Gm.g.p.........C..x.R.......^>....{...KC.z..........2.i......kL...n.3G.y.H.},.wz..K.:.~2e?..!....g...Cv......}}..:...q.........g.....A.j.+.wH."x.....n...G...).n..Dp./....>.....*..?%.....H..{....E)$...o..M.;.g..S...fqs'\..>FHyA...B.~#WTvt.Sj....m.@+.Y.%>..(](;.;...:....u..W.{0..".o..#.=9...n.G.N>...]z/:..[.W.k......f....~g......~.M?..s.............6.C.k8n..:s..+d..5|.z.U~.zQT....Tz. i...>..\H~j.....?z..:.'..d.,..1.._.(P....[./].6u."...,H..Xl".[.c..A..C}.......[up.WE.T...S`.$V...N.T..Z..h.X.Qd.6w..`S...T..~....C.`..23.C.{..$.M....h..........^>....V{.~.T...=.`....G..Gt}..I.i.+..i..B%.O...E;..u..J....|lv....L.mJ.2.5.w...9.u.#.ND~...n.C..W

          C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):3146256
          Entropy (8bit):7.999939837148331
          Encrypted:true
          SSDEEP:
          MD5:2F92DDA3F3D1644718645125D8159ED7
          SHA1:A5C915A60E8EFB8E1CE2F0F0053A936ABAB1685E
          SHA-256:2F9B96ED5AD623763063ED336EE2B68F4983059DA20FAFF03A4EF59EBD1F7DD5
          SHA-512:AFCF5393AB3396D431C91AE4AB709A4A4AB5D2FE33CA2AC6B6D8FFEA2180CCABF8CC43D0F9B80919EE78B2BE4A8FF6C573AE172B8D3C97C340878D8C9F37915D
          Malicious:true
          Reputation:low
          Preview:..,.....o.....z.d}.I\s...e..:......Cw.._.>.W.=G..Y@O@.....J.Ab.....6.X1.%M-pC...(..n...aV.h4...1.4zm.1f.>-.8.u..QT.!x0.......YK.oL;y.}4{...y..5K...p..yy...s%(9v.......#[{.f."3.w...,..n&.5_...K&.N.`.}.4.].eR&.:.D"..RK..D..E,...>n<..&N..Z.L/WzB.#...K.G..H.u........g..W.c>...k..2T..I..;...5:s."..W3.7r...(:..o..wKp.A..=/...?..z....~.N4.1.....a....t.k.(.e...SXG..\w.a....5G..r0...[h'...X..0k.....*PN<3..9.z.S(x.....A-".........s......B......5.......|..KQ........b...o....Z.c....../Ii..._Z...+..l......w/D...Q..`+d{...S.T..V..p....7.Q...$..T..<B...i4.Tb...\.Y..a......Q...e.vC.A...!.../...x..K$._...D.k.-{Xk.......h.b_.C.9.@.(/...*.....[..g.....l...\.,gD-..8du./.srr.L....xb...G.Q0m..f./.T....X..F/zx#..}.i..V`k...........|...........q..s........ .........z..W.>sJ..D.. ..h6<k..z.$l.C ......S... .i..EVyk...B..B...J.....M..1.E....*...hRMh.S..Z.x....yJ..E..H8yO.]....\........d.......\A.Q...'...<j...p.G}J.. .Ab..7K*..U}...e.V.-..Z...>h..L../.......C...<3...T....8

          C:\Users\user\AppData\Local\Comms\Unistore\data\AggregateCache.uca.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):544
          Entropy (8bit):7.559305703247711
          Encrypted:false
          SSDEEP:
          MD5:A76862254E646EE62239B574D0761D50
          SHA1:A225C2E9263D8A8289F2810BD178CD2FAD837F02
          SHA-256:499F043C3E1542CB186EA4DEE6508127DC8F6EDEC28DFA1E2611DF2C2C5EDE73
          SHA-512:1F26EA722907E27B940570445CCAC976359248FED493AF987D64D46B7846C2DF3FE989195CBFBC3EF654406906239EC324660ABAD04E38713E43B6C2D5746749
          Malicious:false
          Reputation:low
          Preview:!...y.......`.|\..y.j.6.eV...;{tUK..NG}..0...j#...pC|...w..b..B.9...'.H...P.h.9......#<(....h.D?.#.Mm_.Zt.iD.A...7..<.....5............>.=K.L...2.\s..*.nF..~...u..:..6%K.x.%...li..m....!)...Z<.A.(..d@...K.v..&.i.J4...F...h..&...U......R.Ez.D.v=([.#.....z\..T.=.y.v......P.A.$n.=..14.....][...d<..K(..%.......=...Cs..v.B.... .C......S.J.b..i.3K.^dD.9.T.I".=.......v#....6..W...g.....6y.!.,w...&..u7.;...5..b..6.y_..M..w..,.Y=..R.D.W.e.........fo[6......q.x...j...G..>7.].8.@.. .3..U......[.;.S.,:..'.z1M;...P6.< .........d.......

          C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):66080
          Entropy (8bit):7.997405881168474
          Encrypted:true
          SSDEEP:
          MD5:D3B0E3622E1FB4705F7D7422F01208C4
          SHA1:20A1D990ACF0DD7CFA3F845C83320540387C8FAD
          SHA-256:A3BF538CA34597D79AF977E696CF60182D8CA06629EE59C6D51E37EAA3521D7F
          SHA-512:319EFFA2882F59E2ED698D9DB61E420899141F5208A70EC21DCB3F4ED269D1F2F84BD6F1D02EA2CFB2C89AF69A0B6A30D85F4B61CBADC4A531A70914BFDEF3EC
          Malicious:true
          Reputation:low
          Preview:..O^J...;...&R.w.O.k..I..).?.!K..0|@,..|N.O._....X..XN_....q..'.#.WY.....zA.O.J..U-.<Yn6D.DU"I.]Q#Iw>..$]X\.D7.~@.Tt..v._r[....`.-.Z.......L.........r.B..m.)}......@O.......:.....V.J(..4...6.b.......9...R~.Ilg%-XDq........8.9...9..*.../.[..?...p......\.:..E....4.....q..2....1..7..vb..Z.1.0...i...Q.(l (.{$.....chh.y..?.Hi..g.t..}..f.....*.c...+....y..G....I.Nr.ioC.S.`.mM..[..../m.{.?n.hE.qij$.~....70c.PX..y.3..".......Q.r..?..=&..8+.5..'..X.pqE2r..v!.m.(vQ..6.I.._*~.r\.#.=...2..U'to..PH.a.o2.....5.....p?.c)...Q...4L.;0K;...K.G...@.K9@..":U.....*af.^....>...SV.t.V.w....88J$.6...............r.....fh.=.}Js.$.+D?N..~!.b<=.0G..u....fJO-a..Z.........i..Z.P1.;.....o...-B.....N..~....d.zP..y..4...m...97.;&G..G..;.......C.....mR...9...W.{e........./&.D..pU.5.N!.>..*......UY..D_Q._...h.....A.<*.D..V....!]p.#o.A.&.G<.<..k.t./....b..,MO...:9.....u...O...;.c.d..^L..M...R.o.l.N..*.....:.|.J3P.....y.f.-.O.#..+.l@L*.kzY8..@.y.P.Jc..A..M.^!i..(...

          C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):544
          Entropy (8bit):7.586585325281918
          Encrypted:false
          SSDEEP:
          MD5:8B8C52A4DF7199B62F738DE66D608404
          SHA1:D68AD1E91D02B7B95917C254C877E7BAC8C20E0B
          SHA-256:17CC4D5445F610A3F067220DDAFEFE514993AA2C895468048489F691238BB77F
          SHA-512:21FF550FAF5E960BF505419CFE497FA0C8B311344F89562C7EB7EBCCD2859F805F5D72F3FDA839FFFC90F9641AE0C62BE75EAD176C5D116A76B799B5A09A637B
          Malicious:false
          Reputation:low
          Preview:..#....{..6.V=...@*.K.N.:.....RR.....r....!,];.... *..._.......4..s.i.......AU...rN;..y....p.nb.7.YD..].7....i.hK#&7...1.ztr@.=.>......?'.......|...Q..D.Z..eY....G....pq...I!..U.....#.*.....!..b.t[...@...)..L.l...+..p..p.y..&..X..c[......3|m.8..&.i..\.X./..[. .;Yu.L..l-.U5C.P.9.j....G_..0t.*K.Bt.,)..|+..n...vd...X[....W....$,`{m...MzI.L.....ud...Z....Tk2..Z.q.I..iU#.\..}..'l.U....dnoh...j...ME.....(R..=.......\.8..!...t.FR.8.A...\.qw._.V.r"..6.:.).H..,....mO..35[,..[..I.....#Y.E../..m...ZF.........d.......

          C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.7181771146775954
          Encrypted:false
          SSDEEP:
          MD5:B1AB3C8A43E718CF662E25CA72742089
          SHA1:537938E98A8261922357A59B2D2958F46C22D18D
          SHA-256:7225DADF68FC747305F9B23FADE2AD744778E0BDE4C084B53D29E370EEA3CC42
          SHA-512:B6400744B501ABE83391F13D19910CCF797E325C305883682C99F1C30AF611563AFCE04747A320B3A04DC7762861A9B080C598212B78C4F3C4BC498FBADE2FD8
          Malicious:false
          Reputation:low
          Preview:Ci..Rl.h.....s>...3q.....0...!..,....../.7.FT0....x..+@.B9I.~:.N.....^...Q>P>Mxg...;.>..>r.6.s.2..7.`..........MG...6c..z.Y.g....Q[...n..9...@...P.8.e.t..8....^....J..F..L...|..g.b.Z...g(.0}..D.w..&.}......8\.....b].p..E ...N...-f.._.........a.3...$..0...e...jna.(..3B..G.\...s.k]f.o...8..l.w...i....^`X..*&...C.....A...+YNR}.6......^.,......I...7.l..."e.&...^.-..2..R.|j.4.'rn..xcb.IZ?&.(.P....Aq.Y....2.v..Ns...>..l......-...u..>j..e.y..H.y.../<H...T..2.u.....%.&.c...AE..l...k.F.n 4..y[.....3.Z...V.@:..1cm..l.a;..[G;S_..V.........Q. Ju...&....t...L..#..V'?~.."e.._..r..,._3..P.<....#.V...3..%.%P.3V......Q..C..\}..f...o?.t..LG..b..<G.W.....x.....7...q...J'..{././..4....P..o+.Y.L ..D...#.?.U90.PV.....w..DT.....`QOT..GK..N....(.b.,w..i..O./$B.;Pq.<.Q.%q..e1a....[*..M<..#........7....w......K....{w.2V@....7......@b.'.........j.*R.........i.U..~...[S#.|A..9..<9/,..T.qi%...-rp.p.X-.V..\i...$.1.|YJy8....F..../.e.}:..D.VvcD.Z......v._.K.b..%

          C:\Users\user\AppData\Local\IconCache.db.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):32528
          Entropy (8bit):7.9937935976242045
          Encrypted:true
          SSDEEP:
          MD5:820480F2A84AF354B8B7AD9B0D9182FC
          SHA1:2CC2856330FFE519E2383C711C1D75093EB0E442
          SHA-256:BE5311FB2509B090732EAA723C25E6552014B94ED90405A4E70CA4945EB718A3
          SHA-512:F066DFD50882FD67E53A431F1EC0BAF11D726F23699E1787178DED6567591F015EAC3209711F92322FF79228855E079C18E39EA6945C060ADACA9126ADBB430D
          Malicious:true
          Reputation:low
          Preview:..C..[x-..6*....[.OM*K*.....<n........E...|y....B.G...N.}-. ..+..k.......i...D.m..y/.n..E. ?...)......#.g.......z[.p.............b*^.M+?.....M>-.Z.?}P..h2.I...qcg4.....S_.....( s.:....E..sid..D..1.V...v..kR..v=.W]?...%.X..I.@z|...,UN..U....'T..pD..k...0...gJ.d.....^j..q{%/.l.9....y..$..i..|.S ZSW.z..F.~I..D.x..g. ...J..t..........[R..5>T-.O/..1cv.zcs-.-O..B....|..*i.7.....t$.....Q...6...w1M.U.....:6;85.\....V.B..-I..9.^.w.w..."c...wT+ZFJ.B........>.C...U.No.A......--,...%7........J......D.E..\d.......".<..K....n.L....T\/i.P..@.]....(.z....Q[...(f`....-...B<.c.K.8T.1...K..[._..7.w.....]p....T.%.\^%|.p....rH|.........,.X..?.r..VN......3w....8.~ze..#S._..4.<qKW....GI......Y..,...Q....L.;l...k.>D.....`....N....m...R..h..b.1....QW5.|...0..\G[1....e..qvS3.J!.0..G8.P.._(z*.<.....#)5f..i.&..O'.MD..Uc.]..(.t....~.a.4H..!.S}.R.h.qI..-7.q..H..h%1... .\O........X..:.aq.3.AY|.K.-<#.It1.).f..:p.'B...8j_.....{...o....N.]O..}.(7.A..)..[...J./.B.....

          C:\Users\user\AppData\Local\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):11632
          Entropy (8bit):7.986830419526266
          Encrypted:false
          SSDEEP:
          MD5:C2DB7EAD7479D7AD3B4126269795B78C
          SHA1:848AD9FD8B605F7FE0A63D25450B6C9ABAE6E8E1
          SHA-256:9591780E206EBC63B5F9AD58267C0ED2920FABA958042410273A121AB67F240D
          SHA-512:0BCDFDC25EA21AD19F417F042A98B2DF16E1F86BA94E2977971D8E0865C41F1213CFF04EE09848E68046069EE7D69ADDF8E0CBF59E205C0F99202D97D9853598
          Malicious:false
          Reputation:low
          Preview:.{J.....H....|.?....$..@h.@t2..h7p.~...A...J..oH8.`..G.i{...P..........".iG..J..Vo..N.+%*?...........o_...N...PNL."~...(s.v*{....?.i..s.....Q-..yv.#.d.>..l...I..'..3..K...u.'.......l..1..{....Z..^...YI.....j..._.3v.Q9.jt$f.@._..:m.:=S7..c2{n>....w..N9k..?M.....c._...:o...=.e../5...J.........E......alP...FH.c..' ....v..G......zhU...X.h.~......g...Z(r.e....E.47..7Q....0......Yx.@.uB.Ka.x..Y<s..*..Z...*I.Y.@...B.g+p.N...A.......F...s.......&.(.~>..p>.^..=...~..*..Yg.Q.....I.....,..Q;.<.."]Z....7..B=.....U.."...$(|i.Ro.eK>.Vf...5."f+..V.a.uR..&.S...iz.....kH. .K..)*|....wn.g...a..y:b.(_...J...c....$e......2.Q.*w0M.......K`.C*7ru.yx..D....*...b.H./...?L....v..1.%=..U..ha.f..y..>82..............w7.g.R....\...9'...l.T)=E"F...]&..`.B....Zb.V.].BI].e...`^.........xXj.2zL.6P..)Wp.....9.|.RIj...Y..........c.t.H.>?f.!0P.*..e.=$..[f.}Pk.7.4...9.!...tp..Lj,.%r.]...dN..h4m.j....5.Q.;A.'.5{c.{.:...0Y.M.`S...1+_.PP+k...\).c..qdLA....D|z.:U.....=.&6....v..

          C:\Users\user\AppData\Local\Microsoft\Event Viewer\RecentViews.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):1488
          Entropy (8bit):7.864586857560726
          Encrypted:false
          SSDEEP:
          MD5:3313079A71BF77818C642EC7621CEF19
          SHA1:8106256FF069700EF5B2767EC2AB332988E2C10E
          SHA-256:AEC1194B8AB4546C22DA53C9A0490FF9F993AA56EFC86B4C09BA047150D6036A
          SHA-512:998276266898655C40534D1ABA2F4479B4B2396EE137E9CE3548F49BDC05B9C795FC13641CFF580592C4A8A8CF46C36C9B0B4565F63676C0B9416F56FB08FF9E
          Malicious:false
          Reputation:low
          Preview:..c..Z..^....fg.(RO] 1...U...yC.%(...-.....iCt..#R....fs.7.r(gO..H.$kF.OC....I...I...E.8..`o...-.{N..]..]..N...2.f.[y........$.....&`J...c..).............s`U.|.`%.^.t..q...........g.t.:u-.*$....;q.....h..~\........,..z.-HZJ.....R2S>.......k..IT.Kp=....Co.HN....tai..#L9..H,.T}..).../....&..0...m...Z).m.oB....h..5...y.8..r>%.l_..9.-l6...P]J.Kc.D......5..lZ....5.}..d...8$........9...A.(....z._.H...$..AkM4..&Ec7X....T.)....E.385C..x..F........J.4E.....D......F+fvRi.o.2. .....~.!....6>........9.!....5..:.H...?..... ..L>+$.p..j.uW.v...y....U...V...h.....1..d.p.!Lw.HI.g..!..T...(2B.6_4..#..c.q..L.nf....cU;.H.!.4.^....,.....T..N.......&..]X..Z.:!..|B.2...-.nN.H..ynM../.Y{_9^X..B.@s......V...PV....%.&{..@..[un9.T.=;1.. }...xE....l...P..}-...x..5|A.N8.....Pt7.U.h.,..%....6.^...4.{...'.........C6......{....O..[Sl."..p....9x...%.I...n../.T.?e.]c..5....7cw....$...KK.$..r".N.q;..%FA.N.9.8...P.P.....>[..I7S[......&U<U;.\.9.i..en.....j......@.XQ.&N...t

          C:\Users\user\AppData\Local\Microsoft\Event Viewer\Settings.Xml.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):640
          Entropy (8bit):7.596148852144966
          Encrypted:false
          SSDEEP:
          MD5:F88A4D370FC9B40EB17F0168DA86B38E
          SHA1:5BED0656CCD5B0ADF9FD687B324233EF45496DAA
          SHA-256:DFD2AA5A053391159DDD379B554737108079005AA1A31928763D90D447BF8590
          SHA-512:6EEB696A48FD981D5EF3EBFCECC7E4F2C999D915ED633F9682383C8E61A1AF86A8EA65967B0F50298816782D3EE6F93A7EAF4BADEF063695F6FBCED8DA8B0E4B
          Malicious:false
          Reputation:low
          Preview:....&u{6H.......w5.$..?.{-.2....y..Z.D2"o...|../U.....'.',O)?.1.......v2hRL..F0.,.p... ...v....Q...E.{.5.o.87..o%..'n=... ....*.B..$...x.'..yua].I_u...GJ_7L*Q.xY..-F...!....3..9..-ouZu..*.y...{H.Q.{ w...Y..>..).#...~....:.....bE..R......)\7..*......`uI.....M..,5.>.Y. ...+7.zq+...n...D.40V}..Q.w.MU.#No!..L._..c...2.{'d.....Q."XZ.A.!\....e.m.z....a..O.).3kt'LS`.....AQ..v..)..D..2v....={.V.,D .$mh.f.4C...9Y.;..{^Ib.%..&......n.b;....R.B.....0.=D.W........;..v.0Q..g.......|.$.$.zo.;9..Cs.>.YS.lwdQ.8.B:.V..+.`...'ZCSh."./..'...3..|........h).-}.%&iX.C....8d...^;.RmH.....:<...m{p..u..1.Rm.......d.......

          C:\Users\user\AppData\Local\Microsoft\FORMS\FRMDATA64.DAT.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):255440
          Entropy (8bit):7.99935156105157
          Encrypted:true
          SSDEEP:
          MD5:C045ECB7E4A93AA109467E5BE6E198ED
          SHA1:FBBF2C4658329585E8AC6E4D9CBD9EF624C720B1
          SHA-256:BAA43CD07CBAD05F5ABE25592B84BDA33CE0F5BFFD3091CB0B407F580B63E2D7
          SHA-512:84CB09AC8CCC1A84C46E72427FFF31C052E4F341484456301F5E7AD8C57E4B09E34DA182451DDEFDAA6E856A18E3E0E3C76B8CBA69CC309FDDEC0CF8543B06A2
          Malicious:true
          Reputation:low
          Preview:.U.....F...{[u...K7...C.DZ...rq\`.. .....A.....3%...+.C.r............#.U.t.."jbb.3...-...].......X...rT+>z!..A........>#...t6..Xu.gU1..?....^.A06P...J[......U..!...._.../?............x...rG.mP.(R..g....Y..\4...F...F..i..1..\........,...k.*L..j......l.Z..n..O..C .QDN.a..%.N.p..w.....=+.......X.BZ..K.F..F............7.C.y.T+.!..4.v2...d.\..q%.S.CM2X../.9.I.....a).....%.D.w....j;.C...U.+.....1..l... 2m-p8.......Q..c..u{.-..E*^.....tC..>...).(.b...`..0QJ2-.*^.P.j?.x..}....;X..N..z....(.2.v....@6.;.-.o.a..Fb..$.`....ppm.D...v.w-..k,,*.;...5....1..-..uL.QQ{.Zu.w'..|U.,..<....#..<.p...gK...}......7Nka..D...R.T.0....,PN.*..{}..E..,.$XL..8C....W.MB......7UQ.`...H.:pB?q...<.M........2..Lbn....Sp...+...hI..Lh.....x..$........,..bK........5.......F.G.....P....l.\3..^P..Q...o.....V.=pQ......a..%..B..2a....b.c..]......1f\T..<x.;r.z.4..9.....D....p.$..Z....].O....o.....@v:.b...S.F@3T...!.U.s5."...3A%?>...8n.o..j...........!.".i.CDS....H...G.0.....

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edb.chk.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.976542521318926
          Encrypted:false
          SSDEEP:
          MD5:B78BB138900EBF9B989D494E441938AE
          SHA1:D4D230E7A0384CE36B9F1238404B1E56382CF7D5
          SHA-256:F34F2E1742393F143B0031654ABC6688238D81D8288D8A94E971FCA820E8B677
          SHA-512:050CFCC7CFFC87C47B10C58F562BF954091885BA1EC1769536B576DB80FE24174234ED6080E0A690D5F633749D0A0311586298825D04B073085B8BAD666B4ED7
          Malicious:false
          Reputation:low
          Preview:..}wS.}....q....j..L.X..b....!.p..i.....P.;.FGR..I..Zm^.y'..zxbU.../......}...g<7.W..n...s.I....G ...5D.......Z.....ZNg..H.....f:..1.o{.j'..KM....i....I...R.....'.,.e.|A8...]a...w...4W.A.-..)}.3.R..M.0p.r(.,z....y...=.....7...+..l.[`c...0J.l..`.......G.WF.|..Ap.....8.._< N[.x\T..7=H.$...8...*.u..".g........C.^...{...*.....@.....x.U..gP.8.j9.b".'...n.kl..+Q+..(l.^>.O.9.yR....O".k ..&.>.....U]3.Q.4..(..a,}.c.?.J..e...EB.....3......5...^5.i-..1*51,I.3;........V..|.>...)...ug.....+.vT.xj..y._.-e.......$J...X.'.*...dy..N.Fk..G.@1|I.S..h.#..g....MS.:...u...1.g<...+,...U.*..]P.~..b....3(.......F.9O......6D....".C.......P.A....x.......Iw.z.e..F...0f..6...2. n.l....<.znw..x.1....A.c....FBf..=..l....D....F%..C(C..Nl.z5....e......<......O._9....^d....M.@Da.\..Q.:...R.l,.6%qL..EZ.\6.h.0..aq....]...^......,.:.....%...4.>.._...r.?Y..H....'...2...PR....>`...S..gSK.....Rw...b.}....m.p.Q~..)..q....v..tesiQ....5....oS.......(..%8.K.=.}..J...NLv.T

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbres00001.jrs.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):524816
          Entropy (8bit):7.999699531070842
          Encrypted:true
          SSDEEP:
          MD5:49376F7DEA2081EE83A4FB4CF274A7B3
          SHA1:1910FDFE73B4A0FBE7A5A984DD69AE5F7BDF4FAB
          SHA-256:C9011F94CCD3E9A1718CB7F3DA4B43A9E720ED795B6D083D4D00BDFB805B6C5A
          SHA-512:9E66BDDEB567B836068BA6A174CD05FA58FFEC424ADEB9CC58A3350F1F456ABD789EA54F37730467A4F12ABB0EB571F9C18765FC3B283BE846362540545C2D75
          Malicious:true
          Reputation:low
          Preview:_.zX....23......|.\...c..jd...!dC97...fE.\.KU.b.............X.Fi.>m..R..k`.|. ..d...O1......%.......z..K.n.O.|........)....$..h.?j-...TS.82J'..e.q.7.;J..,0...f|.cb..[O.R..f;.8m.7t..(...=9...O.=.r.W.8%..|H.9Q..7+.....C.[t..\.1S.fg..LfI...g..Ho..O..{.im!P...S.&.u......a..T.9.FpX."hYG.j....2....w...."G......z..8.... ).4....".tf..*.....x..s$J4...H.O8.L ..C..3.ZQ.....j...i.....G..^}x..{.,......D[A.....&..@p.m.si...I|K)..w`...K...d.0+H.&.C..M,....9Rb<S...u.<.G&.uugU=5..?..\yE-...eaw;..z.....[!S.}M.L..b.w.........tS`.0'.e.{...0^.3....z...S..z.R}...Eo#,..s.....j.T..a....B..m.8.....V(.k.....x......<..$`^X..,...VX.9.#...{d..B..j.S[eeI<..{..3....-...n.......U.N..,.....G..\Gp.$*...F....q1..Z....4.!..<.Q...B9...'/6./hH.vj..........t..Z...]M..I..o...p..aRd...)3..:......w.9:.(..2%2.6n(.]&.g.lB@".F..]....tk.5..h..6O..Q.P.f.zC....8..]..g.......T.^%...z;....~g....i..."W...........|.u.r..>h..}.JT...K...'N..w.&..I.'.m....m.;..N.".@.ngt~7.}...}.:2t....^..

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbres00002.jrs.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):524816
          Entropy (8bit):7.999664504561283
          Encrypted:true
          SSDEEP:
          MD5:9A25F6CCCCCD57EFBB7192D46C1B6D25
          SHA1:25899ED3F1D785679B632630139BDA52688D6D8D
          SHA-256:19FD6A08729931223C4540BADE4B79C6A37B56DFAB64A720EF7666DA96575944
          SHA-512:6C1224DE43A69B30AC9498FB1FA3AEE080163FA9A6F9993CCFEE39B532CC8B4BFECF83CB4D89B7BFB18BCF5D60AB56E264A50847106CCDBA505A3C36C6E04071
          Malicious:true
          Reputation:low
          Preview:.../V.. ...D<{...Xo.............<.....F..j.(.mWz@....Q3.3...w........%"7...[.r.*.T8&.;.]y...ys..K^l..)....n.5A..8.l....Z...F....e.....p`R.+.r..Lu5.GP.Mm.. qE3.P.{^..Z.#.R|W.g.....3...S...[j.C.$.>..w.W.`.<.....9c.......j.=j...S...$jJvk..3.=.=...<qu_....l.......l.0B<.8.f[7:...\7..}..R..r.....HF.@..F....f.h. 2Y.I..V...w.......+.._..8/.AB.. .a....r.v.X&..i.......I4(.w.u\.A!..3.]..@.v~p.rdLx1,.~.z<..W...):+.!..#.x.I..d.%v.zl...Z.Yd...c65 z.(r*L....S.....n..e.L.?n$...L......C.`..M,..y5.D..Q...$.|#t....p..p...X....l.=....SP...M.R..(..q.p....-..=)x1..~O.....+,.......R....r"`2....L)C...."...t..6K...o..........}.....u_c........]..E............%...J....~....rEL....9...8*."..Q0h.j6.*X.v...v..t.../.....E@<.3.....G...1.:..>...........TO...4O<..e..{d)..t....%.DJ.,]...sci..?>1.E:.m.'..n..fj.U..*o..Nc....BJOP..rJ.#..;Tb:.s.....X..s..p^.I.X.J... .z..J..Mm .T....y.mF.RG...[./..X.`..........V_...5......-.\....J.)..e]6.C.{....x9.YZ,....l.0...s....n.EuY4.

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbtmp.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):524816
          Entropy (8bit):7.999622595733418
          Encrypted:true
          SSDEEP:
          MD5:4C0B741EA0F3432BEFE3116033CBEDB9
          SHA1:3CD35FC1A0F2491D8A230D6B766E029E1531C0C7
          SHA-256:CEC84FFC597BE2673A346AFD57E9A91A60D03ED99E529BCE9EE3530FCB2E1A16
          SHA-512:65A3E817F33D677E1ACE4166CE7E133F32F1B2B1AF584F895F848E117025D666359ED200C5A668BB7FFC15897EDC60C2C03902A745116395DF1FEB734C55ACE6
          Malicious:true
          Reputation:low
          Preview:.\/.&g2f5.....w.................)..CLO3y]...N+...,...I.n.4....dylT...aO>.^Z.>0...DB"............%.2..[.......y...R!I.%.-J..A.VS..0..<.1....^.c0...S..l....`k.._.}]....jA@]j.=M..E.{..3.^.....YhI...}...>].B4.*.S.c12W... .8c.~.Ug.*.._ .......g....c...R.N.T...w#."....*.>.>.j..qwvK../5S.....L....$f...2\..8i.L5+@d.Y>.{..v..?.Q0..I...........E.D.4.a^...k.... ....l,.m.z...1.0kx.......*f..g...d..N..Xr*.3........k..._.....c..|\..0..#.C....7h..*I..+`-..?.5d.&...#.;Z2..l.s.-.x;p.1q...7j..&......j.(Gb.\.a/U.....A....}.4.....x.......-...|d.C\09..f2...,.,.o..w.v<....Qa.. T.M.@Y.Z...v.X."....U..W6......C..>..D.}f).I."&.........~..=`_.E...)...c.B......W._.....N...].<V..I..L.\8;......)..........a"....^.....j.]K.-.,..G..P.XX.....@Z'...f...w.V..\!..tn..K.Uy%...L.{.....`..[]..T...ZF.3:.[.(_O...go;...Gk..+...F..,..EHC2....lJ.....6.!.'..g...x......pr.FY.b.f.:.!e..x.].n$d2.o....F....POm..}t.e..u.n..C......1#X......9..F.t'J.6_. =$..g......ad.I4+m..j..(..e..$..

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):3584
          Entropy (8bit):7.943984050070383
          Encrypted:false
          SSDEEP:
          MD5:8E211E3A21B36DA9975D2BAF46CE5697
          SHA1:7EC73E59AD323F82A768713C4B4FEEFCAAAD7CB4
          SHA-256:5E9B453F3E6E94DE758808551CF0DDBD50FEDB4326590CF2BEE60C9172EDDCD2
          SHA-512:A7AF455070041125E518C334EDE32B37DF1E2EC727E959D3A8447016944B082B1522A4755B84126588C0DC555EBAB7AD5F12C476C93FF6B3BEE1C6B2FBB747BB
          Malicious:false
          Reputation:low
          Preview:. .7.5o..}..+NN#.....M.{.g........`....P......<......4..#.yL.d{B1.h..*?y{ ..1..\l_...z:.s..n^.U^J..v.iC....Z....r....8.{u..[&H9.Rr..f<wm....-?.1.?..2"./....5'......@.';.k...-F..b....D.3..F..... ...q.|3.e..5..I.m..IS.Pc....A.......BC u..O..,.e.R.......<n...&....d.1U . ..oF.o...&..zu5{K.4.l.er.wk.\/@.....}....n.....-.>8.r......`.`.x.h0%..v@...pL8.v.c~.M.".4.I..{Mk&Km....&.Q.0.0l.....9...B....N.jn....>#=_.".......vI.hF....5!.....7Hw..u'...V;r7...D..;.a..y..a.O._....u.9.zQ...#...+.2.bu9..|<..X..n.]...wU.g...s;.Z.,|_../vUS\..c.3dt.....I..l.T..;Z.yi...er..$m.5 M.#...~.+.k.........(C...?.A@.6.As.....j].s}^.....q/R...7....z.h-.9..V.~a..i..fP..........=)....(..Q....s.;..R.y._.qP...[o...kg..."'......7_..s.?j@..O.\^..E..8$I...'...JU..e9M...;.........F$..........!Rq..m9.:..z....[F%..U..'C..<....>wo"..."MA.i..Z...TC........_.....kUH....E*..9P..I$:........vj"...|.h.Ec...^../M.et...8\.L;.n'..t.(.9j.~.}.1.1.CR.:`l7\..]..T..E.1."D>..^.N[.|G..B..s.x.)...*q.

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{56E9ABE1-C86C-11EB-87F5-000C29C35D9E}.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):6160
          Entropy (8bit):7.964578442721019
          Encrypted:false
          SSDEEP:
          MD5:595DCBAA9EFC3A1129273C38A939D706
          SHA1:6B355E1DC6CAA098AA1012E50B89E2554A07B37D
          SHA-256:0DA17BF526C937806F53EAFA69169BDDC93B704B8386BA9A1BF8006CFB943E9F
          SHA-512:827990B6EA0D4861876D41B0542947B323EF9066C1846C679E460B192512645F841F33EE8F77B89277E9E25A183F5DC9D4712FC1FFA458F66A14F4A95D181A28
          Malicious:false
          Reputation:low
          Preview:k3z...\EiO.o.l)......v@..H..96..6Z<...lR..w....8C...~H.oE.W.......\%....N....d.>N(.wr..w...}..._..,..>...e.).7.A.M./...).W&...5t:9....`...<....={.VoL_.*ot.z...1....>.....;-...F..........0..g.$t......+p:.w...Zi0...T.........E....F...q.N..,k.6o...hO/.......[.hT.i.'z.9?0...'...&..\..X........_.2.~hu..Q.;.J`KKB.U.*.....ak.......'.F.).K......-8.f...D....{...S../..fh.v. .......n..L..T.G.7X............J..&..4....j.v.Ru=..h.'G7E...S.^...B%]M...H....-h...mr...4..I..\...2........5...&".@Q....8.0.....a.x8...Q........Qm.i.:U..3=...s._...........6.i.f......x..3y&6..O.....nw.<(...LC.Z......._.r..<.w.C..g..~)..N....m....O..q%.6VVA...E.Ed...2.bX..H..D.....b.P.....aJt!/...w.;..........p.[..t6.bi..u....(..#m%>N..:.xo$....p...e.=..x..l....%..."v...uW..l.V..4g.}.{....eo.K...|.......M.RE.(.:..C.E.q..Y..ho...kK.p(....N..u.......Ge...Zeu.3dm....vJ..$..CpN...4"X.v%......l2{.5.R..F.jfXY&.m...$M[...:Y........|.vY..u...$.H...me1.eBk.K.m...q...W^...?...Fu.S..^ .QOlz.Bx..H.

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{5C331E5A-C86C-11EB-87F5-000C29C35D9E}.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):167440
          Entropy (8bit):7.999004817688222
          Encrypted:true
          SSDEEP:
          MD5:3FB8BDD7033B0E4612CAD53272BED0A7
          SHA1:D9C7C7A42DB21E1EAD390B3DD6EF2EDF58A2502D
          SHA-256:EBB8E164A83C0AF8DB6A435C0563C90D7B5ECE39BD1BAC9E3215D363D5C9BC89
          SHA-512:A603B3B853A4263634A363CF8CC6F18DDD1827730A571F703B0B08E4696B6C62BB3A9E0A479EB81FE5698B82858B3EA4F6D19E40F655EC28CEF58D4349ADF3BC
          Malicious:true
          Reputation:low
          Preview:.'s..{*~..|..D.?....a.........)....^...c...'>.'..l..W..^.p9U>7F.V...,.<.}k.|.d.M5....E9[`.%}f.'..I......4Z.. ...|...=.&`m..ai..............9..`..X..x@<a......!.z.(N?.....I.......*.....4~!.Z.Dq.9.}w..|...#e.9BbE.R."44\.k.0..[.<...`.`~....h,x...j.s>.....aT.m........y..?X.yf.fz..H..Aa.6..EX.a.7.J...L.*2..I..O:..1..O[1.q ..K....^-..........n_.....e.5w.D..H<Z.~".t.QK.U2i...}_......E..9.AO.].cBe....Z).:..?..b.......1.h....`w.......~....4@f..NJ..~...7B.6....n}&%n..~B[.Ptb:^.N...e..f....S.C..`.u....Zv.".s..:..7.~).^.3.m"8.)..PPr0.*.X...?..$...f..E......2.......!..0.'-.@..$!o...c0..lS?.I...=.d3...!...#.H&..q.&O....$+...w.>7.F~..f.....EpX....D%..H..Y.... K.k.G-}..'...i>.%..U..vL.^.....m.k.s...0.....a...(.v... u/...K.).z.bh=S......T.w..<!..C{.d..meB.cy$..V......}#.s..S.[...&..1<.rr.W.^.........2.B..3t5.y.08.1.6..w9...O.=.O..0...\.0.[./,......C .&.8..E..~2w.......mfd$..."..@/........]..be|x.0.$3Z40\I.!z.4.Q.X........#$.6R...Ck.....=>._

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):912
          Entropy (8bit):7.739981656443951
          Encrypted:false
          SSDEEP:
          MD5:AFF1D299F3958A517EF1688D067DBCD6
          SHA1:EC076C7AD114658B03EF424ED69F1E73EC3873ED
          SHA-256:0658C13888F88386AC3D2CE499F029408E5E2075363B7FBC6A21EE8B75754ACC
          SHA-512:8235EB25F3D50684FC3414EC03F23125AD34B4C16D3E53BF4EB208A52E8FC82F1BCA47744EE92A5DDEB7CE15A47827570C9CF2FEA5F4A80F239ED66BBC11A03E
          Malicious:false
          Reputation:low
          Preview:. l..JA:o..1.r.b..m....fyF3n.t.M..4.!..-,.3...~.........S...G`i[..%+Mh.n.."..A..2:y.....5p..h8.3.j.u*....&-Wbxx...z.I....B.l6.&....h?..7v.../...........e<tv.D=?Y.....ZoH\*.>..+=b.@i.._l...Da.}..fp...#*Q]...=7$Ip..S:'.f..~IR.C.xw.!{.aO[.=..N...A.\.Q...]8f.T.O9K.m.<#..}g.kx..Q.....8...a&Kc"..0.x.OT.0..#J..=/7|..K.x..>...v...{.v...Jv......34.c.mGY....YS.|.......(.R<....U.:.z.z.m..U."...FU..v...M.-.E...OA..I'..51Y.....P..F...W...N3......l..p._.8#...Y.2.J|.....R."AP4.r.....Sh.~.U.W..5..rV<..d.!.M.:i@..M..R.X.@.=..0+....V.S:^Ts.`\...6XW..^^k..>..,..J...../..{93.7 :.........am.(.0vQ..B....8.D.*~7v.v..MR..._......4.(y/.i.D.B...M.b..e...hz..p|.'P...E.-A.......n.3.c...Jp.4....F..f.U.-YS.z1(..w...<....#NY...2.n.1..W_.|.6...Y....hI1$..:s..7..*Z...........].e"..!#.I..sB.!..C8.+........PF...nT$wrxd..L....... .i...O.....}*XTiC..}s..%X...4N{.0xE..E...z.......d.......

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\brndlog.txt.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):7104
          Entropy (8bit):7.9668281108462935
          Encrypted:false
          SSDEEP:
          MD5:008A977B5204C4ED4F80D018E79547BE
          SHA1:8A431934808C90E5A544E690E9AE5CE6EE77CEC3
          SHA-256:A95BCCEAC89502B482993C6A5314FB3E798CFD7AF95676CF666B69EB9BF25FF3
          SHA-512:6C9DC1955B2968712F2B940A61DBCB3464710568078B1DCD2A37C654649122A4C3E2CE934144D3E60F9020AD012E67CC830B63765174285CCC32FE9C798E22C9
          Malicious:false
          Reputation:low
          Preview:.@('M3.=R...(SZb).a....&...%.g.3...K..-...K....W...Z}.`X...u..`.....KO...'2Y...'.3g.....q......i.....I...n.Vm...:..x.n/*.z.Y5.....R.....E....D./.k.hU....-...w...F....v$w_.:...gzRp....}..2.o4..h:......3.).KS.....=>.Y.rE.....=...I7.......V{'.].....:7mnH...`iQ.%...........m...Jv.o.J(......D&....W...V0^De.L......p=H.T..C...]..T...qh."...NA.K X.xC...0......B0.3.t..F..$.....e..(.L...X:D.o.~..*7~w...Y........f6.i.I;Z.a...A.7%..QA..ic........O.B.^...Yk.J.+..X.=)7f.>x../..q...-.`~.r..X....,.......O.C.....c..nM..w.:4..k..A..mq.K.r..]..r(..*....A...G.. .&.......E.)..+.........x...G.1.*.../.V*...(n.R.....6J.>.E3n.i....{.h._.UJu_gZF.o7......jq}q$..d.u.:.#..qRP...rM..Y.\"...w..%.J......W.....*..%B....jR/3.G....!R...a...R)..Ru.....a..("...:......%b.....EZ..M..|I......=.h...Ho{oK.h..)c.G..M2v!Ii.U.#y.i..j...:.dF..\..Zu..T..........B~br.......)...../..H...j9.....r!Z........;.......?-.Hq.Kb.p.T...}X.VS.U;FM!Iu..... pys...|....:U.3].+..Q|..'.!.L

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1040
          Entropy (8bit):7.806001122322869
          Encrypted:false
          SSDEEP:
          MD5:FAB14E7856ACFB06951A4180FD3612C1
          SHA1:C3C2F5EEA2DB4356CCC04A6DFE89B50C61584D77
          SHA-256:1B070A0F3C87D63D1DCB94901C38CD9FBD466CF88415B1F1EE83D75B4235F369
          SHA-512:59B5FF7BD0A9681C9D98913BFD44A80A24AF8E8AB520C19EA2EC7D34D22D15B3A69ABA1A733C9B618C4EF984E4422425FC7430E3432B89D38F53B6FE9C0115BF
          Malicious:false
          Reputation:low
          Preview:.0.Q..?k`<...V..7?. c_!...^.,.U]..u..W/{....G-..."...R_...c..a9.S..<..+....G{c.4~.?,..Q...9.!..-.~..<...*...'L.]..,.........R...0QV.*.....y..:X5....j...b.ETD.b...v0...B~h!..z....z..a6.O!....x...-.LH.b.T....M.T.JEV.h....[.\.{.}'..!.....^l~W.........M....d....V.~....-..-}..,....Q.v.....@.........jl..^!...'....p=...|s...\.X.3.U...=...6....B... ...wi......*2=.....`.L.b.]..s8N.........L...t......K!...Sc..F.^..0.....j..ZcY.[sM..s.d*.......CL.*.h..M...[.b...... ....L...>..V/n...U....o...J.......,.+.....E.S*.)P&..%..L#@...t.....@.....k...[......~f.].K. ....X....vvi."...xfc.].AS..$*.x#...S..h..?.....A#..{.uN.F...g\...;@<....). .7.V'..:.(...;.=....?.Wfn0m}.a.,.8m_..2%i.....n.TK.........>Qc.#......R[.....]..&.:QXG.G.\.0..)..t..).E.r..u7..exy.5pt.."..8']w..Q2.o.>V...n..|3.C......#....f..y.....6....z...<...c.........7:.......k~A...............G..g..?I..:.....s%i..).M..../.d.tO....:..1R|]......:"].x.Xorw...c...I;.#J=M{..Nv...C$?...%.Q.>.B..k...s...'}b.=.0...

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1936
          Entropy (8bit):7.901072797447949
          Encrypted:false
          SSDEEP:
          MD5:4492C0525632B05BCCB51F0D279FF555
          SHA1:FA3CE6AA7290598CF53F5C1A95F7B523526BEB08
          SHA-256:5F610943F06F15F1500FDC48273D5D2E7950B1F45D2019B58636D7DDD9530C73
          SHA-512:327D4719B71D626020627D36765C18C06E4CA5BAA6A3AF2B19D50450B90BC35AB682291B65AC8221D4FB3A3210FB7AD1B0BE985A3C2DE91EB0C499F2121AB775
          Malicious:false
          Reputation:low
          Preview:>.....*.....y!"Bv.SvD....Z..i<.+.r..+p...D...P.b..O>.,....cq..D..zx.#..h... .....nd.......A.;...".^..[..{..I]....1...... .R.I.d.L.{+..O......;_.3rw*.....D..X|qJ..O.....^.Zhf.\].L/p.PDz ...jV.J.<$Z.....`Dn}*.4....n..-....-....2).4.U./.[....S<./.'..B....}_.....Q.2..;..7u.c....z_.NFSV.....D...0Y..'.)........;...............F.XH......>V.L.$(....r......_./..H..@.W....4c.s..:.6].6.."?F9...w/..Y.K....+o.8...%...F..p...O...t./OW.K...8A...|.-...Q,$.W>.....0.......q'..Wx......_^LF.5"m7@.X0..|.h.c.FtF=[.01R...k..i.J*...._$.........k..l......u.u.6.g.c..5...h.$.R...Z 5'9.\........."....8....b..p8z.iE.~W....)..p<:..0..;T.Gn..(6...V.iA.4.s:.....2K.4j..}.<..0...._.~...8.+.bb;.J.3n.....8.;. >.;....W.v5c. %.....^ZF.12\.h_.o....:..c...rC...q.........T.-..;....J:.nY.z0.5..K...N...w^..G.d..mWGT....[..8....m........O.,.V.(~.)}$:..|.A.f....(....D.l..sQ6....q..`.q.f.c..m.0...@.&./;F@}...u.|...,p.....GE..3:....l?.kH.P...}d.N..H.......;&T.3b..Z~#.Pl...9..7..@....

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\u2m79ck\imagestore.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):20032
          Entropy (8bit):7.990876332002328
          Encrypted:true
          SSDEEP:
          MD5:6E4A9C8D238526188840E7111FF3D1D1
          SHA1:0EBFB68A6B0E671548480F5E26FD70DDA141D40D
          SHA-256:A909B3F057DB04FC86A267F8167C7C6D752211BABB8366333354F2E065FA204E
          SHA-512:C162E1E79ED28EDA898EA9F37B4E643AF3B5A11227D3951AB4BD8DBEF8D0201DFDD5ED8BD9CD8248A12BF729F02CC534600C45D3C848921FC4933980EF464411
          Malicious:true
          Reputation:low
          Preview:........y..xY....v.X....lQ.w.,...M:..n.Q].9..D...@c.+."s...^(?)...W./...`...B\SV.`..^42E.a...p...-lmZ.z0./..^.[.Z...P.0..y5....Q.......?..f..E...........X..........h...T..R..42..#.x.W@..../.08.?.hHA...<.;.T......@.$n;.#'..M-.`.(.......c.;.....&-......D....NPdl..w.&U.S>.PA$Dn4.vah5.7k.;.....`.....Z...fJ.).....RGr.....u.>.p.9r..9..E..4H.Y.%._p........5..^..R...0.0....3."I...X.O....BO.|.XA9..R...R3W......+P....>."xOF~......)q....M..[./..b..|uA..f3B.c9......T.v......^.w...0..(...).E.Y....v.z.VH,p.on\...Smo...(....1..V...k..b.._;.........=7....P...../..../...,..9x.^...%.....S.....Y......h...:.!.[,M..B.y.&......".... i... e.9/ez....=D.. 7.b;.....k.<(..........a..ca....q.8...F.z$#.....J...f.tVc.L4n.R.Z. 3e.Hb...9...-T..#.3B.r.A...AM.)..yf:x..7K.u.u ...t>.S..f4....t...a ..M.......p..p)g..>lM...X._Eg?}.&..[.l............E/4..1D8s.....+9..X... ..9}cG...f.2.;Y'|x.p.4...[...cZ..?0.t.sn...>...p..W....c.i...._.......2$.<..&B[I..........&f.\...2...Q....T.2.

          C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00009AE8\01_Music_auto_rated_at_5_stars.wpl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1584
          Entropy (8bit):7.866162080327034
          Encrypted:false
          SSDEEP:
          MD5:C80A847173D0D1E8C413ADECA872F098
          SHA1:DDA146536E9E74FAF4CE3A2AC6AADD265F453AE1
          SHA-256:539F4453E061EB589F5772C06E54A21F56B6CC0AE86A4AE7D6C76847C64892CC
          SHA-512:70D8DD7633D779F41D5B07A068444EE2468D5D05B29EF2A37799BBE9CF394DEFEEB8506C3873DA162A923CB39DD9500F0A685CA05CC9D0630D808976EDB2B1B8
          Malicious:false
          Reputation:low
          Preview:......u?_..o..L...;...C.fwXk.'..dJ1LY......4..[T..G.w.*.......;.fu...Zn.a....sW..?.E.(KM.EQ.....Rt'...D?.h..9..:..{.d..o..3.....T....q....d.,....vkM...H...#...hH.v.r.4.tP...0t.4.)n..it4:.!./....4[.F.Y&\Ci(T7...+......@...d.....rc..R._*v#....%J{....F{rY.g...n?]).u.`}....\lA...|.....b..j.N....,.$+.."......\.......j.Z......c,.l\.mF...+w.9.].....;)..!.>..{ R4J.1...........5V....X@.3s1Pe8.eE.z.N.\.N.....a.F..\.....ZK.-I...}....RC|..<......9.M..=.u.K.E[.\.$. &.G...I.............tT.=..>.}.:.m.%.e...0.0....'.......%V96G*b;.w.....=.d..."m..%=(..s%b...z.{PS......S....7........./....x.@27{. ..Y5.,....f..C..O...4..b.\;.k...r{...i....\m..%....T....W...}H..X..@4m....&.I.|.uS.^e....6.[....m....F..$...9R..a..18...T.....CF.N.L.uZ...{..r".M.lN.p1..uw%.......I.d..._b>.'....'.>....%yc....".K4.p..R.o.l... bgM.0.vg.^...VyF.G...._...D..t.)...`3.R.....+&9...[e.t~.....o..T.2...-g.?t.&~.t.F1.t......A.........P$....o..;..r{1.@.....].,.....s....9%h.~..\.......W.

          C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00009AE8\02_Music_added_in_the_last_month.wpl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1808
          Entropy (8bit):7.893669121947765
          Encrypted:false
          SSDEEP:
          MD5:D33D963D3B81DA15CCFD3A80892FFAF6
          SHA1:8A26EEBF1BF8C4BF71677F0972805117E94F367D
          SHA-256:9D2B073E8BE70CE7867B9ED646B685B5D39D6C60AC166EAB343E90F72DDB34EA
          SHA-512:C5AAA1386BAD0ABE8227147B40F20FE3658EEC7113B0C5124C3A495C72797F27588344BEDA37E3A9F508020D72D9D62AAF86CA235A0B9A96289FE134FCB64EF1
          Malicious:false
          Reputation:low
          Preview:..N.I....b...am=;;..J............uf...I.....%W..*..s.{...5W3.k....|C.i`%.x.YsO~T q..A..I..'.q.G.Q.r......'..TT...C.K.(cd.i......aX...wtZ.D.~...T....QE4b.%..#.........X........i..$...6q.......#d.8.T.vM&.\..|c..h..K0..u..i.M.#ZbQ.<..j..'f.a.~}.....orxX...<=....bw..6.ay....O..1Ew.......j..D>.+O..`2.M../T......=.k.!......vT....i.}...I..:....N7.S. ...D...>~)......9..b..5R .6!...k........b)..$..}Ml..e.tJ.dB3C.V...u.".,..Nd.'(..&....*y. (.gLX.YO.2...Q...n.n.Z..>[...F..A...Gf.h.Z.tL.\{.E.p|.[......5)<....(...8?k...;..|..1>..B.%........k.1....Z..9.t.G.......hp....t?......%%.4ZreY.:.g.......[..F.\...0..dJ...@RI%...H..s\.......}..6L.......n.....n..rw..xD.:....S....A...S.......{.QTa.7.5P...,.)...a...b8....}...-...!...$..<p..g;V.\.;.2o2......"}G...e'6.........u.......{...)7..8%.....L}f.}....i#..E!b.F...-.<..... !Y.A...........I..... "_....x.'@....2Sik0%...8.E"nH...+.Y........F^....LR.z.hJ.;.q.&..".%-t.M[.G.......`.X..R..Y..y..C..Q.h.H.YtD...F.

          C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00009AE8\03_Music_rated_at_4_or_5_stars.wpl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1808
          Entropy (8bit):7.891851560922211
          Encrypted:false
          SSDEEP:
          MD5:BC4EE684FE8CE6F1995E44C28105E4F5
          SHA1:05FAE98D72385AF3CC01B70BA86C445DD54FB330
          SHA-256:F3ABA8D325510467771297FDFF311AFB3535000C9D768814859CB937C6A5903F
          SHA-512:6591E7EB2AF61BB21865C6E9B3DF83BC65EAE431DF6E66B6755D0112D31C3C10AFEF1E99E96E71DD974B24DF4C18BCAD2AC123A3C66C54BB4CF528714226D905
          Malicious:false
          Reputation:low
          Preview:?j.G.BM@p4..".0...P..`j[...d..`?.|$.........*....F...gH.4..E.2.-.g...nv.z.K./.[4..G3..;........8B.Y.._$.A....4.B~f.@=...W.?.l7..u.......o............W.;.Rf<_.v4.W...^zm..a.5.Z....q4....."^.Pm......}.T.C..SX...^..*.........!.q..|...."..^........!.f.......dx.X......:uQ..M..%7..Q..Z!./..8*....*[...W+./d........Q._ ..I.DYG.+.N...5....._.$.`I$..Z.~.9'.F.d...!.o.1._...|l..V$..}..O..{.~....3..........e<.....O..7.....B.%..X......u.oA......N.]G3..n...]'.....C...C:.b..1e...Q......}4c.z...c.F...e.......].....Q.,..ocG....qx..?Z..9....S.=...=.3.T.@..f*.....5..........^.X...tJ.r:`..t.Q.Ml`..[.........#..t..Gv....yZ'...J....$.S...W.e...Gv........._...........>.+>......V\..RN$....~A.+vn.m.w>.fCY...?+lWjYb.;!.D..n..`.L......D..S.i.%.k,T..x.....ZS..1.=J...^G~..U._cZ;T....#.HL..?..w7...X6.}.......H.(....d......<..h).......a$Rj....@....Og.V./...bi.....g ;.%..X.....m.Y...I.j.V...O\....)j.B;-q.Z:Uv....;..X.%5h...u46..7.7...d.DLv.:O..K...[.Zn.L.8..D~.^E....O.2_..

          C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00009AE8\04_Music_played_in_the_last_month.wpl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1824
          Entropy (8bit):7.892455123936617
          Encrypted:false
          SSDEEP:
          MD5:B4EFAF9C5F77627F8C15278185E2B9FA
          SHA1:635B1D847CD6AA4EB2A9B2375762E5CEF151061A
          SHA-256:6A35E1AD006A112E5164C578CC2984CB266D3BDD3FFA3C85C5878DFD64414FB4
          SHA-512:F8FB1A4D643ED0BDF3AB613C439139F2E2C612226EC1F5D428E32D8B5F6CBBA6194C71E305A234C71B2C607DDE03CB8921C9BA287312FE1168F6123168D629F5
          Malicious:false
          Reputation:low
          Preview:.J.J..-....y7...,!.o.k...a....)&...}.2..ROD..z..M.p.,....!....P;Et..vDU....5.....A.Q.5z.#...K.NY..M-..v.j.7.w....'*f....@.r.8.<A.wV.........".=...@.....o.4... .jg.M...VZI..t.b..yO.s.'...V..-.%...g..+.N)..\.2iQ...~...m..M.....l@:aD.........7.hf.....#.68...J..6.2...iPo..h..9.T..6.z.K..v5.........].r.+,.c..-......O.T..mxx(.q51..."....|6.0.`._,....Dc|%LP.L...._g.w8sw...L.Gp.73.((..j...j...y...Q...w....."..E...P.|.E.6-..._y....vf ...).....F...&"A..?;.>\..y+Xak.]...F..<..1Y.....v..z..P...2..v>4..SoC...F....-j.].....8..fD.E...?dg.k;@....p)4..B.b......H. ....*.@.y...V.....a^..*-.o.1.=.....k.2.}.N.ol..e.2..(H..+....5......d.]........H:........q.`.5.U>_>|......aO....X.)F..<yy.Am [.zNp..S.)..b.....T-k..;..{s,.,7......=B..U............$....2....'y.C..~a.g_.d............2y-L..;0..7.S...y.>...o...Ik....1...L#...C...ID..?.C.....w...=..?...5..".%...~.4...+d......h.Y.L.e.....>.x?/..ZJ.&mY.p.~#..]...u..4....U/..;.!...;....L2.. .....vh.f...3A.

          C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00009AE8\05_Pictures_taken_in_the_last_month.wpl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1328
          Entropy (8bit):7.827617164112078
          Encrypted:false
          SSDEEP:
          MD5:7C0EF724461608AA75A1E141E96B8AA0
          SHA1:EFF45C54EAFD10E1D76BC56F772C60383F229D8D
          SHA-256:EF8486C31E1A34E07C79DF91B1A8D46DAFDCF00EDAD54F581EE8495497E8118E
          SHA-512:F4BED96E246F943C305DA941FF930B3330B5C818AECDD46A0F7BDABB2A1C9A9A88C7474C5D90C1D3987D32AD0579AE77A77E95FEDAFE6D0EDCEBACF5A21919F2
          Malicious:false
          Reputation:low
          Preview:..=..6.AK.W]13..u.........v.P..]~...;..gn.<w.?3..KD...b...".Q.t 5,.[QBr...(...#65b..qA...\..{..#<..._6..h..Py..C$#..@x\.._\Y..#}.M....B..S;03|.*\.....{.~. .._._M.G.`<...E.H]......rU.HI..O....d.S....F.....e....,F.!..x...Fk{O2(v........<..X...Q9=5...*l......XQ.......v.q.2T%.y.Z...%..._.QA_.g...NW..-BG..k.dA......".P...s+.W.....!.J..3._..p...t..f......G.-.C..v..E.x...Zz.r..v...<.a...;..Y..x.<bm.F.'....'...F%...5......&....'..^..V3.iW.M..............9..:......4X.pL..M6.....V..5....QAC..5 o....l.%n......$.E.-..p.C.X...g.T..A.....gg.....Y..~N./[..AJ.......p..1D2.P...L....4M.E...u.....C.b...nm....)...-\c..)..........B...+H.Ic.......e~JL...8QB..T....N+........>..I.........&W...[..IE...B.a...E..g......;.....Z^.?..g..`..v`...M.jl....ON.uZ_m.u.$.*YsA0.r.H........0..H|h...bx..\.Q3...$.k...4.....F;._...L...1Qo.........,b.U.....8.6zn...O....-a>Q.v.d....J.=9m....(...}.....d.P?...;UFBUm..}7....g.q.....=..|9.h..b.1.Ce.da...|...O.d.U....K

          C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00009AE8\06_Pictures_rated_4_or_5_stars.wpl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:OpenPGP Public Key
          Category:dropped
          Size (bytes):1328
          Entropy (8bit):7.867091912236291
          Encrypted:false
          SSDEEP:
          MD5:9C5F00E1C770F38AE448CC3442842F61
          SHA1:9E6DD9E2D8ACB266E6B4F308217222D0BF97360D
          SHA-256:70B243FA56C242841AE5E750A330B803B975EEAD3C99D265CE6883BD3FD1B45A
          SHA-512:B245DDE233444060EA6F285B556E447210C7CD4A19242EAE75F69E0E17990047F7656AC07F2B032D82ACE808C9F2D4C0C24D316D0016E2CCA9E9CA92246E4FE1
          Malicious:false
          Reputation:low
          Preview:.m..\.:."........m.D....{.....b*.A\.3#^.E3..e....;`kb.....9.^..=.....6O......Y.....y..z.a...xO...S.%.\...d...M..@........C0.-.fx.NS..%..O.. .3z.X..C.O....K..%wYF.....K.l5.#.Mk..A....}..:..j.O.(....0......1.*..K.{..y...1jX]-}j...L.n.....U.;........>...&.(.#b.>.......(.p..l....[{ 8Y..3(.....P^.....+U."..q.._EWh,...".....I....d.4)<......8Y..q...n.N.i..;3G..b...8R.-.S..3....0S/........l$.e.R../*x.....Z$;..'..I..c...oYL.).i3..Cx...&6;N..a.].....O4\h.V...-......p.C...G\.E|.S...!...Xc.........@>...^..;.n'.....(........S.;.z.j~.c.G.....I....,...>.....c(..-...{.A.Y.&...]?0....?...........t..v...'.ftY...D..`..F....l^!.e....Z`.D.%6......5l..{F..?.hYQY.,9O.*..e.6...y..y....DCF..9ki.....>a..k...na./..<. .c...2({:..?U....].0.d.x....F..hN....<..6..z... .H.........`..\.u..&..=..p(8.....>...D.....E.@..M.a` 4,".....I.'\..-l.t|XJ.yP.5...VLu....w..)k.P..BC. .h...~&......k#.|..}.^....5h..4.T.pd.R.\g...+.P..\<N...T..JC.S0I..QN*>c.}1........Z#...8g.n.t6]._.

          C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00009AE8\07_TV_recorded_in_the_last_week.wpl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.873055299924235
          Encrypted:false
          SSDEEP:
          MD5:6F31910961CB6B4818F94EE4FC650B97
          SHA1:FDD313C27F94712F394E454C845C29DBE2FD0DE3
          SHA-256:2175800876A179E23A07E48B5B92BFECB20ECE147802EA1EC6D88A0B208BF96E
          SHA-512:3A07412B9586CE9D157E39D95AFDB68A8935402C5AFF6D910E151892C5FC86A8C983D20CC7B7337BE0A14875725EC81F332650E7E06D449A747CDE56B61563DD
          Malicious:false
          Reputation:low
          Preview:*..?.....i...H..|.1.xT^...B...!.b p.r....+i...Di.x.%tND.&.H.N...x..............7....../b...ID?[m>/.....5}\.\.KX-..s..IF...V.xg..gR..:+.. .+.f.4&z.....j...v.+."7._Q.F.[.p\...&$.U"..*.....W..X...F..;....O..:.w......].[.hE.....Q.r{f;........~}...2(t....khj.k..2E..kY..h.B(..U.V~.....`Hra......o.....n...?..P..;>5..;....p{.Wmfu....6.#9.]..P..$][{m~...c.</w...%..e..a..t...,.....{.~.....?..0.rsl.v[.k.j.<Nt..+....$...f..t....k..C.......2..>C.e...WB.?..|.q..(!...=.$.A..SL..#.L...{Zet&o.._0<".....$...N@.....F6..L...^.V...^.b*.>N|8.D...j..,.g.`.u kSW.!G:....t.....].....G.O.I...X>...T...G...............zSh.8..'g...%.N...s...a...`...XG..".Y..}q..`.vX.!.[D...[_.)h(..M......F...k..U.(....).9....,{.......%.....|.j..C.H.4T.q.N.... .-A(../.x8>.._Z.......3..wu8.[P{Jt.m.e^.S.`9..y(...r......K...]...L.....2......C...X..}.u93V&.BQp..SW1.D..[.(..y....Tx..an%..........4....6.D3y..:.. R...W..Ur..I.2..2.u\....s...Z.z..:.........=...!Q.Y..6..'....3.[....g.^..u

          C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00009AE8\08_Video_rated_at_4_or_5_stars.wpl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1552
          Entropy (8bit):7.876587811814576
          Encrypted:false
          SSDEEP:
          MD5:A91831636427C329EB6B8CCA335ABCB7
          SHA1:1318F51E166B73E65950E1A21D9BBD5F25F57E9A
          SHA-256:4691D582D24E1D2F9F9D88C541C582A552B8C56D6BB92E97FD6D1245DC536278
          SHA-512:53524D70ACB4A077DEE8E68C2B9F26408B025BA0335393112287DF1978B96658B581259E36A9FBCF4D0F3E3609B32EF75C242797594783F54DFBB48E66D40D72
          Malicious:false
          Reputation:low
          Preview:M........g6...;.....d). .sK..E..vI..C...".../.8.2.a.......N.....`.L....'.CQ...<.(tK..........^O.l ....M..P.d......Zu.,..B01....._.&....;Zz......>`.&q..P@I...Hg..H.....\..:.7..u&Z.y.M......g..6G7./(+.|.j.....x..E...Y....@.D.3f.e..!......%.n........R5?..XH.bi.?..4.;...!.$D]..K7...f..2y~..B/.Z..CY.I:....?/..a.O..t.....Z.CK.g._..4.z>x.D.F..K...........@.b.f...On.{.....arQ... ...HK7.B.......2..f.Z!........n...........v.I..6h..0f...b.X. MGl..7......S{...R.#.o.Q..=.g.!.......n.G....A......G....5E....e...0...........w.s]].0..,....<QF..%.=.{4.D...FQZ..#[;...h@z!...#FMc.-..)..J....WG.s@*:...`.....DP4......a..\y5-..9_....MA......wn..?.6.9./`5W.Z......+..2i..o.&}..1^..,Y.|m..Q4.z(.. '..m..H.....+..<..%'.[..K.z..nIa..SV}...i..f4`...y..az....Iz...z=.XU...7#...[\...S...#2.;^f..xC...r..h...DK...?,.&.MN.$..VV..X..}.o...)....Y...)G.,...-............!.TFT>.b.$. .."....$..... .).c....?...B..Th..+...>.:).O+QS....[.JgG.......GA.....n.)5.......TV..

          C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00009AE8\09_Music_played_the_most.wpl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.8822963752672495
          Encrypted:false
          SSDEEP:
          MD5:F703DDC63292C438D4EE380CED3CCE1F
          SHA1:87C79D729DC1925DDA4E65EE8BF959EB51F89F5C
          SHA-256:1C5C67F1B66039DA7D2F6BAA76858BDEB74C5E7E41B13B85216C2BA7B209F191
          SHA-512:6A48D6AC0F82C852FA6436A69FC8FBC39D102075022072D6AC79902A2DA6245445027DB64AE00CCF3EA14F7983734C0468E8B4F051362CAB4009B01FE305887E
          Malicious:false
          Reputation:low
          Preview:R..5^pR.....[..=jU.H.(.]. ....*..f.&k?TJ.....B.Mt.CM~...<j*.h~l.urO.V......t*.r..^a..5~G.}.<..M.G.o.. ..O.g.]....K..q....z.|YI.z........xNb..RzGZ.L...s..O.Q<..d.].-.....yG.C:d..W.G...U.i.....M.N....2....s.^<...'.....L...+.......`..y<...(.t.d..\EGN\O..S.I.......F.6..5...(..d6...".....#V}.....d;......u..1G@......."p7.a.....L<............X>.j]h..%..qu.C...5.MY_K.$. e...$!....|.....D....2b}.0.O`....."BB..nW.+..B.;Q..|l36.P.o.......3.V...w3....fl..&...o\..\........).~t.y..`..7Oc..7..&^.c.My...x$.S).....:..B?1.U.n..P...L8?..o..a,.*>.......=+@8.%B..!......u.....!t......?58...6.......h..#.....[....mI.J...O..:..W.<.v....b|.u....dG.....)/..u.N..pk}.I...e..y..z.c.5q..D'c..').=.....w.3.nf.dUgM..r..........N..0(..;!..qO...&....{.t.+yN1..}1.....>...+.AF.?.M..Q..|_\Zsy..q................~a....l.S.s.9Y.....^...fJ.P...~........c....%..8[i.T....."...#.:...#]..,y...cJ....I.a......E.!#...3q..c^...M}.r..U...Gq. rzH.....0`%ZT.:.]Bq...%s.qt.m.`K.......Z .

          C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00009AE8\10_All_Music.wpl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1600
          Entropy (8bit):7.850162040016844
          Encrypted:false
          SSDEEP:
          MD5:8B399F157999382E1A0AE7C8008D2ABF
          SHA1:7357FC717FDCB3777C5CA7EA21E22638937FDF76
          SHA-256:1FCE2326A13A72D30E0C9649FB1025A9676EBB8ED74D8D570C21DD2E569EF3EC
          SHA-512:BC9379197CBAD7FBB9E7B14372CB164CF95A718E0832BA550CEEE74D0585E8658BC90F7DDF0A6B10EE0AF4E1467B6C5F1854EC2A642251FE2FC86E3F523C2C5C
          Malicious:false
          Reputation:low
          Preview:..u..AHj...".'4.7.%...%..(.....5.Q........Ce..cn.(.p........0.if...a.(........h.s..)P.`...i.#RJ.b..+...b....\b.....i..UNH... .v.#j..P> ..22MLn.....U....m=.%..`4+....v..0.....N...Pb<.fw.F.......h.v...S.A..z..N.sH=....k.vx.J.Y...$J?..lX.*Oc5RJ..y..4..+.R......v/.+..s....WTu~..oPt..xf)..".j{2......V..../cz..k..Z.DL..Ck..u.X.$j..p=..M.!.....v......1@Q.H.WR....`..Y\z.......z/{U......~...M+X/0J.I..2>....Fu.?V...Q...J..;..wQ`v..B.T$PBDU../.......B...<..q...U.`.j.Y.<....M*m4......D........>_.E...ym..X...g..`.f..9u....}..;.z....o....'Y>....W.Z....EGX#.4E@ga.s'...........6.lB.c.p......2..Nq.#.$#H21Q.>..s.O...f..9...L....IfED....L^-2a.........p...%t.h0$......^.e.t.b.I...Vx+g.`."m`.<.SNdS.).q...b@/...Jxp....R.s...oR.N.........u.sz...y...q=...B..........b...7.3M@.f0$..,...H....^..8.....U..l...*.q.7/..CS........I*'.6--.../.o..n'H.X.tK..K=....#.\i4\o0%Q\....UN.W|d.....Rh...cv...C3.#..+..C...3.9...U=..]z.....}.^B...ae....s.@d,.....!...$ ...w.o>...>...<.N.9.

          C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00009AE8\11_All_Pictures.wpl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1120
          Entropy (8bit):7.814492640429892
          Encrypted:false
          SSDEEP:
          MD5:B2BCDBA8F6BD656A1E7860050816EA3F
          SHA1:A9A2DD5031B2F926C0385C5F1EEE337665AD70F6
          SHA-256:C9FE0D34B1D84BEB1943F587995EE79B6FBEFAF63C1F342E3DE837F6CB71E520
          SHA-512:B6D63B67B54FA3D2B61EE64922E92A14AD9AD211CE621E95F8F3E4249BCA28E90F878510819E556506C91D39EF32DF8C01C2AC5990D092E3EF3F1041B3EC4065
          Malicious:false
          Reputation:low
          Preview:.H..........(9 l....v...}nu.Z...:Q....,*.7f..;...B...,qA.f.....X;ui`.9CNY.AG1..h..T....m.Eh......#.YLD...0&.....wkIpn.c..(<X......lH.<.^......."!.3...v..:...Xc~....Q ..Z1...5.D.0.....Y..r.....[.......-.1..9.F..$.5oP..E.?..n..j.M..i>..V..H.....V......ez..v...V.....?i..jQ.i7....i.1:.t...-{.MgK...p...,...6.....6.......r[.d f.......R.....4.}.|Z..v.;?12....*.Z9?D.K.E...5..P...-6.{$..{..t..m+M^w....).K...7..50..)6Q.{.P..&2...c..AFrB...f^...C....u......o.{?I@.f....Xc..glm....{...3.7t.>Z.?._d.....i.L.sQ...lJK*....^,.d..wQ.%-.0gr.7a..]...__C.cs]....b4...c....`k.....M>.3...Yro...C^w7>.n.k..f...[.../....c.....o5#2...\..8...O............zm............!..7......6d=cjv..jT....LN.....V7...:..)....4.2|?.pR6.h.Z.6....r...e.....W1...B..W3......k.0.r.Gp....%I....O....v4{..9...........K...=...$tH.c........b..#J*.dc..0=..43.~.|..k......9..s..{..]K.J...fE...Rw.$.R*=.q....Y-.n.d?K.....i.j..I.x...3.]3.&..c[na7..X. `....=6H>...}.].O........C.I../5."O....%.1

          C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00009AE8\12_All_Video.wpl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:DOS executable (COM, 0x8C-variant)
          Category:dropped
          Size (bytes):1616
          Entropy (8bit):7.877053508793198
          Encrypted:false
          SSDEEP:
          MD5:F091AE84F643BB032AC1B109A3098DEA
          SHA1:35CC494469F036D0C780C476C80D82D1183FAAE4
          SHA-256:A2089504C59020C63A694DBEFD0A3C5D279F32558E9B71E9F806D81D35510463
          SHA-512:775A99B5CDD94EC956EF3AB0608C1E33A1464A3868D12C3C7950659E614D2A307C6344FE4DFDB4C08ACD26291F390B9415E824E1EBDCB7CA9F1D0A80434E537B
          Malicious:false
          Reputation:low
          Preview:..Wx..?...p.D$...b.D........n3t.|b.?..........J.K.>]Z. \..Rt6.[..W..P7...YQ:0.ft$B_J_q..........F.L..Uq..w...E)..A...L%.?V.F}..X.9....R,-..8.....D.'.^}..j.m..+.....8...t....D.....W.=.?`\.eDx&.=..>Iq..........q.......^0..?a.D.2U.(.....=....A.....>.C..t.......la.!%...w..?-..d........P..@J%6..M......J.....&..>Z.xb0}':...%F.3%...m....y..F..Y..Y..?.)...[.}...M.$.,.~........._Jc8z..!...%w.........) [.|....m...5(T.].D..5.Vr........<.....{..m...,G.y....8.R....cs..Rf ...0M.$.?y-0...O..~..%./...?.7..I.....v.!V.,Woao.u.6.Xc"j$..&.Tg........g.R<Q.>.r.....F.I.^...vk.I... .........o...m5....+....t........M.A..@....`.......m...?..D..+x...Q.4......V...A3.7..-..'U5.4.72..v..e".W.W ..7w............|.9"..|..%..Y...#@..Rw.......%v..N.]..dz...!Gv.5...Uf...%...u#...A..r........Js.Rw(...Y........JoM...1.228...kR...l...^.{.R.'#............o..l%...H..\...z...>o".HA..j....7.gm...aWR#F....f..`.|=.....)....i...Y..\>.UL...M+<./.RO7..[?.'..\w..'^$..r....[.....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\0BA6B95B-B5EC-4B9F-A2D3-51BD6D6FF521.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):157184
          Entropy (8bit):7.998957165001488
          Encrypted:true
          SSDEEP:
          MD5:D6A0F50B4CF3FCB8D0987F9CE0C8F929
          SHA1:082D54ADDBAD9C5D15C7296008750F17A83FCDEE
          SHA-256:98CF66D811140F4C6F1DA317DCF5648C02C814018B6C3E67EA43C286B6AEAF26
          SHA-512:AFF59DC0862EAECD2D2B348D656375DAFCA1C6BB7120C270DE168ADC352882BE27868BA139A10BC1113F7B14F633173D7B1E66922CF003BCD2DAA24D728A74A3
          Malicious:true
          Reputation:low
          Preview:A....cC....&..4j9^.W~v...m..`...0M:I."..E...b...Ji.1.~.mM.z.S..b9.J.5...lAd..`.`.@..........8.[}..3C.,..V*.......v.[.!teC....28K..2.v%.>...;.?=....9..ZW.M...#H.u3.x.eT{c.P..dT.F..\.r7..H....4u_..vE.c.X.{? ...I2....H.[W..){.,...v..'"e.=fo1,...<a....%...hzV...q<[.].v..+x..|..F. ...KIQ_..a.Z.:...8q?.....`...(...k.b...T...xK...X......A!......E"..9..u..M...s.].$..i...tm.......n..-P..M^.%..d....-.F.{.-d.....w...Z+9.O.s3X......1uW..{.....f.@...L....D.....+Fg.Z.DR0/..2.-.-wZ.^.nJ.6..2)j0.?...Y.Q{....0...O.NL.KC.........b..%....^.&...Y..@~.Qq..^.r~.n._.G.>..CY.s.$.WQ..{*.M~*.........q./...6.._.DWk'.....z.p......\]..-.|.;..f..Q.V...85.7D.....x.8R. ^...7.!..&..4..{...E...Y..Rnd..ao....h......5..W.......j^.R=.....]%."hhD._....x.$1.. ...._{n.V.......A<....BVvRB.v.rs...X...&..t....=..C.96).j.o. G...^...o..#.....0."!?. @t..D.t...%te.. =.z....}.....e.aH.o.....^H..HJ......D....B..aB.z....rV.u..#8Q........|.8.z4.V..~=..E...BU..?b.]:*"...l...M*.EX?C..p....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\5732433C-DB76-4CEA-84F2-FDEFC3D2CDC0.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:Linux jffs2 filesystem data little endian
          Category:dropped
          Size (bytes):157184
          Entropy (8bit):7.998784743396934
          Encrypted:true
          SSDEEP:
          MD5:D93EA56DFC48056F44B44EBB1980226F
          SHA1:1D8F26478BBBB6A288A382866561E19B7A69171F
          SHA-256:9E05264EF5A5BCB4F14BDCF24E7E2970362BCB60E05C3A419830E203F5A4985C
          SHA-512:C4E7B1E941E25CC4FE645EB1BDBE019E1F9C86820C70C6C3C4FD2B2CD6061C1764DBEC627265FF5D59C681DFCAE77FE61CAAAC884F19C9CC68A926FAED06262A
          Malicious:true
          Reputation:low
          Preview:..u.{.C.HJ:,M..]..K...........9....".....e....?....k@...y`D.y6.+1...y....:y.s...........N.(..|B0.(>y:..v.@.>.r.LBH.....F.Mz,...I.n._[R.2".V.G.].....1T.[..h.....5g.y.dVV..B+,............a/)....W....F......D....C..}.F...p......%.$z.Z0.R......N.9.....:..%.....].....$...}.].|....qD.......1<-......1y.Qi....U...."o......>C..\d..dZ.F7.5v8...z......P....CPt[...q.Q.?.T*.B......0N3s"...\.......SM.B.g..1./.K9...>=..>@S..V.^`b.Z......9q..3..,.... .....D..........I.I......nO%fK$..h.....)vw..k.j....{.}o......B.s.wn..8sM.!!*..R{z#........".-g..5..vNL q.c.V..oQ.....W.9..j.. .E.!.~M.=......J*....[.X.j..E.K........R(w.-.9.#/...R..}.O..Is....;9.'.f....y'88e.l...L.H.........@*2..`...G.. ..'..h.7.&Hr.GP)..#_.`..nV.......M.S....P.?....2..1...Z....l,6.....~{.........0.c..1.R.Jk#.(.0.........Jze.d..dW...[..~5e.&{.!.a.T5..R1?p.Km.w.5..0...,s.....Ej..}.f.4,....Mh...5...@.v.j........q(....X>.d.rd...Q.).;.........8....m.u...n..H.G=.!.M....C.@9..M..T..cA....;OK#

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser-2021-06-08.1511.7540.1.odl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.3493121878399243
          Encrypted:false
          SSDEEP:
          MD5:5F3A15208C674766CF2914DC26B85B9B
          SHA1:B0EE47051AB5219FCAF847EB322275D0397B0E72
          SHA-256:53D6F26F1093C7D79BA0527C0B9F9EE1B95F004630AB2B8B4EADCB9DBDD9DD8F
          SHA-512:787C4DBEB6781916ADF663BD0A17CBA2D67CAA30B497FF8D034901AA3A6404238551F57311062B5B159B8ADDE45958693676B62CFE2BDF0F030640F845DBEACC
          Malicious:false
          Reputation:low
          Preview:...1........X`;..]...M..._......ZA..7R.6a33..S...d..5d.).S.]uY+-............z=....h3.T8.;.f..a..{..*.M.3(......Y...UhUCJ..].......LU#.T.....]......s.[......st..@..w..n.NM.Kn...9dq....??...<...k....w5.....I>A.....Y{W.....^.....*....S.!...d.7..a...@..n+#h...suJ$.....h...7.{_!.q.....8...Wx@.......k.N....h.D.Y..ef..sZ..~Y....}...o...i(i. Rb.s.4.Lh&Hz@*..*wJ. .....-.utk...D.g. ...>.[..OF+(Y..VU..z..E`kV..!..,.....S%2.........=M+...q0SVR.]{..g'..MI.c.O3X)..`...1Vo.C"....5.r...Z6D.y....%.].I.G.i.)..D~.l6h...Z.al..W.'U.n.. .!....2.5!...<#.....\...iNY....6.......@.............".\..<.a...... ..s..{:....<:.zQ...v....*..V..u........{.?....xP...F.5...p..q.5.Um.._j.0(%.MT.ye...[.V2Z.[{.~..fBCPN.....x....Mb/.O>Iy4.K.8v.}.D._....Oq6y$&...ii.WK.w.[..... ;......s..ol..$b.<.S^......../.B.^z...../)......9.u..n.r`.i.....|.M.b...Y._}.2N........t...3.y.q.*<...*...[...9K...D...^...G.0.cP:W.D.@.F.f.P....q....5/'-#J./E..._..g...hI8p...Z..l.V..H.5*...-Q..D

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser_2021-06-08_151147_1d74-1d78.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):3.0579426998006434
          Encrypted:false
          SSDEEP:
          MD5:FCB36A285977E1BC93E2E71E8AAA92D3
          SHA1:C4A7533BBD2E8A81978CF0EACEABA0A2673B1B87
          SHA-256:89B71C89913031CAC006D51A5CE0CB35AD7EDE8C6B38B3DFA48111AD093F1267
          SHA-512:1072541125A40CA3D0C63CCCCDD164F06139A992DDB50767496DAD533EA4D4B8A3424661427831EBFE575C9B606CE54FFE7B4519F08837B4030BC4589F931BF6
          Malicious:false
          Reputation:low
          Preview:....g...Esl}.....#.e}x.:c..n8.535......{..j.'.y9..9f..S..IXa.V....m....*<.C...`.K ...+%..8.8Q......i>..B.2...a]*.:...0{..L...=..z.T..U...xX8..T..4.S3..!@F^=..9.*"r....M!../yI..c....V..w.6_(......(0......0.......oc...]..v.p.~.@8...8c..S...=...2....>.L.....aAt...3.....i...a.0.I.....$o....)....B.!.,....w'..8A.....(.a.i..r.Y\...ow..5..w..-..O..T..=.H.G.Tb..........E.l[j..G.......I....S.oZ~wq...Py......=.}..&..{..za.*...Z.~S......qj.f...{.p......U..c..?.jm.P......^.J.HW...z.Z97.eE}a..w.o;M..D..)9..XQ....5Q^....b..sD....~..%...9..N....oW.]...0...)....Wd...3.....6...w.>g?.R...4.b.b(..S.....*).v....{...{n}..7...&. .?<U...x...OSk.d......Z.~......b-Y.l.?..^dk.#S....`o.C.i1.$...W^.P.{J........JI..e.......QPi;yI.C,...=f.`SAq...._...SB.#..y..IH.H..g..H.........\.1....RG.'0...N.4.....2.B.U.$...,2.y..Y.YDnk.).y...\.....6..5...C...x.9.{.^<......q......`....T9...*.$...c.v..m......G...w.U.gj.......8........dB.H...o.m.L....4...6.A.IdT.mL.......t..*.../...t..

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2021-06-08_151132_b90-13a8.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):21712
          Entropy (8bit):7.991519984087348
          Encrypted:true
          SSDEEP:
          MD5:19E2E1FFED26399E54C5249E41775EF3
          SHA1:C8E86CB14C8682C0822A4016145F6CAE8FE79C94
          SHA-256:DEC0FB5A1A797CA272372AEE9DE25104291D1C923693E7B73CE1037DDF7729E5
          SHA-512:02C6C61FFDD10B6FFBB59F6D240C8ED6D6387A396EA09FFDE8590A0E1A79756C95FA90C12C7E83B15DF72E6D197C2B34FAE3CFD9ED84F0D21176D63444F4ECF5
          Malicious:true
          Reputation:low
          Preview:..Mu.C`W.ro..hHp.M..8.{.lgX...............}........I=...$...(..B".......eC.....%.j.[........#H2Lsm...........|M....+:....t(...o:..U...7.........WE..}...$4O..n.G!.uk.5...rp'.$..W#..=@".5H.p..Xh..I...a]..|...v..:....;.....{..O....E......=j.Q.)........Gn....e.+........s..y..82...1.B.\....lT.?t.....3..w.q$....:.G/....M..N.....*....)...ER..QR!..... w.X.&....E..OD...z.X>..... .O.....kP.....\v....9.r...k.ab_.Tyl(.....S...#fj...g..|.......L.8F%.."..:....^..A....H.,#.z@a< ..."..5...gr..vl..........rY.J.@S..Yj..qTW.zEuL}.......Q...%$.qMu.HC..s.+...+..Vb.)...|...|._[.tD.....%...Q.:.S.f....K..N..+..G......D..2..*.p.J.....J.j.....DC.7..s.G@...j...!.(.N...&.i`..}2.vy..n..4."W.Aa.[.>.....l.t...i.....)..m*o+...6M..... .)...,Zh......;.I.d...F.....[..e.......2.hS.l(..o...T..a.?....J.;..r..x....a..fd.e..=Y>....,..j.QB"....IN.nt...!...].....KrM+t.o..nF..d~..4...}.d.A.m[|...wI|>.R[.8...0.*..6_}....$.Z6F...]G.......r.X6>..(.KZ.`9.Oq..0;....E.v...

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\README.TXT

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.26023349182008915
          Encrypted:false
          SSDEEP:
          MD5:622708F422E15468EEE339243BD87D38
          SHA1:BFD063C5740F0E2CA0CB7EC97AA1D091D41C37EC
          SHA-256:206764B5BF99A0D77E5FA8115004D8C826404511BCCD65407FDF482865CF4F91
          SHA-512:93E97EC97E1FFC18426ABEF8150E8F938C7237E11B20B14A900C5147011D7D8B7723E8A7F5B8696007C03F46FC333E1799CB8BDCBD611759BE7F3810F8855FBB
          Malicious:true
          Reputation:low
          Preview:Hello!.....If you are reading this, it means that your system were hit by Royal ransomware....Please contact us via :...http://royal2xthig3ou5hd7zsliqagy6yygk2cdelaxtni2fyad6dpmpxedid.onion/12345678901234567890123456789012....In the meantime, let us explain this case.It may seem complicated, but it is not!..Most likely what happened was that you decided to save some money on your security infrastructure...Alas, as a result your critical data was not only encrypted but also copied from your systems on a secure server...From there it can be published online.Then anyone on the internet from darknet criminals, ACLU journalists, Chinese government(different names for the same thing),..and even your employees will be able to see your internal documentation: personal data, HR reviews, internal lawsuitsand complains, financial reports, accounting, intellectual property, and more!.....Fortunately we got you covered!....Royal offers you a unique deal.For a modest royalty(got it; got it ? ) for o

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-2021-06-08.1519.1880.1.aodl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.9328128290571577
          Encrypted:false
          SSDEEP:
          MD5:9A42132673E064FFC25B8007D10687BB
          SHA1:FCED40E16763BE640EA109E47432BFB28C44DECD
          SHA-256:D7E0A05D886BDF8A2D13667E7450C5CB26EC111A9A4B21C8FAA47D409F044033
          SHA-512:2A873CAC866B1BA19F5F59B64E0810A0BF4D6B905AF61514F47DACDC4F7CAF451B57B188BFED706BF9D61C2866BA193CFE66F2AEC5C37340CA91CF3A69DC9BCE
          Malicious:false
          Reputation:low
          Preview:..8.6...2...%Uo.....E..7:.7..;...-)...(WF...RQ`..+.G...tn..j3.......<.^.A*...|..vDS.[......Y.TJ.5P..0O../B...8....JS..Q..Q.PvY>C&o5....4..!..7....~.....`....-.. \w.G......V.w{6.v.].3`.J.!.D`. .~.........>.hG...s..'...,..*{.p....t...m.I...nki.[..1c......9.!.rR..,P. ...69'.wb.^b..O......U.Y1.3..d..S1...M]6.4..&....1.s.KPmjb.;F:$....@......d.(.K... ..n.[...+9U..(..V..Z..V.O..0S..Z..|"5~.+m.x.S.....!|..F.s..g......./J$..a O......!p..o...[.P.$....7C.D..].C...)...#.-....W6g ..@.Z+}O...B3l\.\..RZ..pR.....y}.>q....Q.|..s.`]s..)..M.M.+..[5N.!.}..O-iL.M]...C.%cA3....I..o..y........P...h.K..@.h..X.p6...})#..u.;.&Uom....T.v..Xrn..N..G.f.0RevK.E.......?.U.?.u.,2.....uXB...?.G..EQ.(..1s..UG..)WP..f..S...^.32.h)...M..6....j......q....|......-..w...H.........w.u....q.ms.%.@k9...;U.&.+.?..YhY.r.Q."...f.>}i.(}....u._......@.,&T.c..S...D....."4..........If....}vQ.-m:FK..{.n......O....e\A.5e.....]bBK..=..0.3.K....V...K..#:V..Q..#.,--.mg.N.Qyy.n;.}{.*w...,..v..

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-2022-08-30.1344.348.1.odl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.4928041842477473
          Encrypted:false
          SSDEEP:
          MD5:83D961C635EAD297D67D170AE7A5B013
          SHA1:EE3B77531C03BE03391E3516E691E92D8FEC3C77
          SHA-256:39EBFAB6CDBBE6E0C4B8459A13958F42F7A354920A6D63C9824450F660F9983C
          SHA-512:0B49644A0C71215D4A1A59148B6E6C78E73DDEAF1082E5B7D4BA29BA7A565B879679D455F8DA088AE4330625A52D7683220DB943CD89F6B09BD04D1B2864E65D
          Malicious:false
          Reputation:low
          Preview:..D......2.m.'].(.$........Fg=0d.l....hlEn4L.P.{u"...M1.|..w....MG....'.Ge/OTk.../]...z][..0..mo.Q...(P..F...+...GH.....<.V.c........6Y.i.tF... J#s{.i~.GX...J..f.AL.m...cv.l..Un.D.;.P.D....$Jr.y.n3<q..[..^.V..M..q$Q..m...AC......wo?. s.s.....Z.%.pnl....s>...Q...".HN..M0C.<9.Y..D..{..{..BdX>..8.k..J.......K......D1...#..,Y....V...3M.y.b..t../...+.{....N<.g.R....E..sT.....p..h.Ne.....>Z=.(......."..U......h.>....f0.x%J...B1.p..wc....(R........G#t...~,..\g..}P[.e.0....%.CB`.|..B.7Ob%dO...)P..D....i....T ....e..DSY..l.7X.1.=^..1.-pVN.&2.%....hT.g4......n...DX.W>.....ci..*.=.../-JK...Ft+..A3on.a.x_,.....R.Z.,..<v.o-../.BB..M...>..X.#Z.,L...:.7.....;F...f.b..o91#...T..8E.7?.D.`.....:......_. B..k~..{........._.@..@@.......b.O...{..U,>.L?X"{;o<.iLr..;.....i.{.p.%.goU......[P..H..M..x{..8.*?..D..?.^.H.p....ag..........\..4.2....\^F.8....[.h...o.h".e....B3g...H.......2......W.z....C....Z.:.m...D.R.n..3iH[.....?.qH..D.K.....+Y...-".?..

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine-2022-08-30.1344.3408.1.odl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.3123163646834974
          Encrypted:false
          SSDEEP:
          MD5:69697DFA8894C5C5DC735E11F0EC27C1
          SHA1:1B110CBF25668EB24F9349323E6E33A57ACDAE31
          SHA-256:883410591708CBA521DF343AD35942F27EF2003063C2779A27DC65E20B5BEC76
          SHA-512:E920B53E1FCA9FE88506E1FAA742E21029E30421CAFBFA2CF80C3C927AE73E0ADDA32E6969A2695D596ACFCC51FE4BDF292B4BF31988686F2867FD43B9B3A938
          Malicious:false
          Reputation:low
          Preview:.M.A.....7z..,A.3.*bJF./.TC].....iq..K..om&......hU.+.)L..M..[I.|......=![....y....y.Gm"..p6.....g.`o..(:.[Z`.>..V...."..,.....&3..,....3P.......*.v.|#..KG..."..*.....Ycd..aj.gI.... ..e.C.p.M....Mn.!.U.....g0..lEvz.s.g..:....d-.C..u._...=...U.4..+/Z..4.Z.sA.1.O./u...'......a..8.F.{V.".'.`./:.3H.Db..t....|...o..X../.1....o..Y/EI.-._..'..y.G....!...#.x...K...3.c;4:.du.....=f%.o....DR.g.....H..}.!.%..KL..e16...z...T....o~3......t... V%S.9bgI....n..@9..g..NQl.....W..@;....,#....+..E..?.....S1.c....>....../;..^..?|}.<.<.n..?...y.-i'Y...d.}#..7*.w.X,=.%P`.H.....Nr*.......Z....&...7&z[..k.7.@o3..&..-.....V...N*Q..XV.....u_5.i.4.n..G<...L]...Q..c....R.-.BeU.e.5.Z....?..M.w..?..z..N.RY.E'.*<...od5!.t,...^u.......!..m......b../...E...Ql..GdY.MsT.$.qx...C...6Z(....k...4.....C..+...;~.>..C.i.W5..^(....v18.vSg.`....h.D?.2.^*.v.......<E.8F>..._\;..;..|..F:p...0.JqK.U.........<..8m.f~.<m..[....,#..hQq.v...\.m..f..Nt.u3...O...p.J..v}.....`.(GPM......[z....u

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine_2021-06-08_151949_1870-1764.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):2.5343747940213848
          Encrypted:false
          SSDEEP:
          MD5:3E93278DA76676BFB01878EC9B4AFF33
          SHA1:E6BD89BC897DBE72FAA481AB2CC187BAAFDE79F1
          SHA-256:1520147E58E870DA88433768DDF23DC3451FB698872DED4AFE02C060B000937E
          SHA-512:72BE4B36AACA82B9BCD5BDE8BADDB44BE319BA959671AA6B9C9724FD02FF87DCCFE9F46CE8C101E25BC9466DAF08BE9C41714A5FACEBB8BD5381CF0DAAB3AC25
          Malicious:false
          Reputation:low
          Preview:.;.`T..\).....~u.hR..1iD.Z.. ...|...?.cu........A..;.n...-.\........x=.0d.g&0b..)6+..>>&,....Pp.Q...?z;._...!0...roP.MF82...@..s.k.....`..P...f.2.-h...N..$..L..4s.b7"..5..<...6.1(.U....u5t.~M....R....<I....b..{...C.E...D.t.....Q.i..c.s.DNj.W,.|Eb..R..T..`t%...WJ..2^G..,......-.d............#....?.W..j......G.4.Yg....PL(.-...F...#...k.5.I.s...w#t...g....T.vB.,.tb.|~..:.-...D.....VvP.D...%./WJ..D@...oY......N...).@...#...w...Z....9..k.<|4.%..H.K`ZX.gq..q......m...$4.D...-.@.;O.....5....F@..8.^.B....C...FV...@.....q....7.D.OZ..xx.#....s.x*K..$Eng.]d-..B..eB[...4.J[.U.Gw.f.ASF<....qW6.......`.Q"......J^p...Nk.....?.$...T.&z..`....0..F.......s.6.v..Zq..@..d......v)...z%...z.K:w...5.._u..K...7..b.~......,..KkF..D.C".m.F73.FWS.... ...%E..Z....|...3.}w.M{..PR.....O....E..nH.U3..95u..x._0.s.D..k.L$....K..:...c1."i2J....e.....&...8.......q4..H......h.)......../oe..,..d.E.e..*k..T......E..2.C.1..A..-f...b\7.X#4r...E.3f6(.h.`?...{..o..C....

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine_2022-08-30_134420_d50-18f4.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):2.661620360037442
          Encrypted:false
          SSDEEP:
          MD5:B27182126CD8012589C711FFF4174F17
          SHA1:2F236BAE2C3746DD7B2C8DF7CF217544CCC245DE
          SHA-256:44F214F7BECD76540B395F628D0D0540AE595008EDC4798F51A16857707BA0CC
          SHA-512:87154AE3CFE781EDAAE324A31E8916496698299471409CA934C48A2FE477F4C587AC7AD9BFA1CB0A8FC5352C9F0183AE0B17ECEE13B3FE9AD3BBFD4499DF79D5
          Malicious:false
          Reputation:low
          Preview:<..6.......S.2.EM..Z.l2^.w.......eo.;{9..`.....D..Dd...&..Ht.z..3.>..s.)6|..>\.J..c..,.{......RY".[;....G.r....LN.~-q..*`...e..oA.....B../..#.yV..x..r.s....3f'...C.....Th.."....y...P.d....l+...V.z.../.....}.....wd.V..k7.MF9k..""HTT....i.n.ka.;..!...|.........{..~.<.pB.~x.6l'.D%.J.C.0....C....SU.......%.B./=....{...._..M!?.......].a.k..u.6.k/.....Lo.A..d.U.">w+.../mR..'-k....Gi...t.!I&.j.v1....Ur.TK.;.C3+...n.6w..T,...@.S....8...s.R.J.bx.....Q....T~...m....m.T..Y5T....KK#.6xMb.0..)#'......x..6...x.=.j.Mn.&.:...e.....Q+.....d.V.^9D.!.em.b.....1G.c..8....4.}c.6$.Z...U..V_....e%.ir.....*T.I.eR...m..1.2......,....'E.V=#....T0.s!Z.da_.a........x..(.\.P.,...3.~.k......@..jz...s..#.I..........O.'!3..k.!l....yj.,..9Z.....y........5.8.-`..%A....reL..a...v..D..HB.$.a.D..$..P..ic..XB?.?.7........1.D2u.)XS...._.2.y.....h...3..R....g.<..{.z.. .,..2^.&..0(6....C..a....G.=...y/.D..(a,..oKQ...3..n.._.!..t.=...]...k.lV.+....\..m..........h??.~...c

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser-2022-08-30.1344.6968.1.odl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.3961007368478465
          Encrypted:false
          SSDEEP:
          MD5:D5CB5C68212C93F56F6C2C9B0D8EB81B
          SHA1:6A26C3C0C8E1E3A7D374117BC7486E47D6E6EDF2
          SHA-256:CB8ED713152AF873A2829409F577502E05EFABA0D9CCA1F0647C06046862AEFA
          SHA-512:A1097D69DB2C8B96D378023F8858F7EA81273795905DBA61AB574A534B9B3A47A2B056ACF6596549AFE0F3850844714416B2DD74C89782A0F8B3C9B80FEEBF07
          Malicious:false
          Reputation:low
          Preview:.D8...........9....j...A...F-"....H...^.....L...XW-.l....(......Q.*.K..T%.....O}.Z.Zo......8...#..~....g&%..k.2\2._5".....6.C).....A.....@..}e..........;.1.|0.T-w.......O.q...pT 9.BS..6.)....c.....N.(..P...P*.P.j..A....w..B.@Fn......2PC...d&........3..]...QH2.dj.Q...<e..w.P..p......-...~...i97G.p...z2.K%..h..1.x.q\8e.m..0#..5.....).A.it.....|....9$uF..b...}.99....NU..D...j......"......E..e.@.c._{..B...H....m,.qe......R..%HM..[Y...UG...x...^.y..F.F.IW."^.D.=....Y...`c....F.}.99.H...:[.....H.qF..C=I....5....Xeu........?-.....bS.."....y.2\..........YQfX...3M.2..L4.&.f0...%q......Q..YpcYP."...}...#.Z..a.A.P!..*G.V.\._qC8=cKV...^..SeSq....yB..5.c.8.7..~:...K...).P.j..HI.L..H..m.mj.........p...Fqg....j.U...b...-)*...bGUSb.I.nlL......0..D.j...bl.i...K|.@{....K....S......%.....H....tm6.......rD...y.qb...%G..*a......i.f...(9.S..._.{C...L........zo...L..J.j.:lX.B. w....K...p.6..B.J...@..=.IQ...8.s^>i..+F....V.KR..g........Py..^.Wg.......E....]V .

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser_2021-06-08_151949_988-170c.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):2.975309019939285
          Encrypted:false
          SSDEEP:
          MD5:093737260DF90D761B752C1316EE8A91
          SHA1:A47F6B00E01CDA637EF6FE821A50F64172B6D4A4
          SHA-256:3835863ADA724F0234C78C10C92683DEDB3E66F53D044DC153B8BBA1F62AF674
          SHA-512:095F24E143939BEBD037C16AD7D79D1424CBA44BFD39E6B190137338EF3903EC708756107375E69D4A4AAAE7DA21DBA737B251E3F253A726107421847A254128
          Malicious:false
          Reputation:low
          Preview:PCJ...<}$.a...B....C..f..D1%.....~.}..c..?....;.l.uWa.&Q6@:@........,..GU"+J.Dv..uH...........R.Y........n..F..?...ux..-c.1..yZ/c...1`..N..Rc.......'|......A\..Rfu.?.2.?"1..Q.....h.g..YO...P'.J] .b.%T.M.>-..(.....!0..$P.^+..c.......R.o:.. e0.....Z~r........|........x....M%..~......T.Bb....t...N.#.XgV..v.GM..d.{.....K.wj.......6G.GA..ivb1...e...x.......%Pie...@.Z..."......[..u.'=.Qdx./X........"$...s[..r#.c.}....g`.a.p...a..C.$.....nO0K7...#4.....5......&.2.....h -....w.k..T.n...0.>y...@f_>..B.o.....$..U..6H.}".1.)..'..Qv..........}.1d.P...~O*......%"....;..:...r.*7b....8#..r.%).....l......hwlkz../8O.A(6...;.....Dysq>.!.+.N.aE.....%.o~.....`..X.....W...n.7p...Ye.P.tyG...Fp.....f.V|w..U;.a....a.............M$.2$.m..]....G...hw.K...Z'...K%.M.}.....!..'...M+k.P..l6...7u\...).q..T.. ...Qy....K..i.2.g...&..A./..(Q.=m|^..;$dHA9....a.1Z)d.v.4"..Z.?1..>...7E....Z5/.. ...-e.....:1o.....X..(-!../.`q.m.B....qj.Z.,>6..G".....b.;$...".....AH.^..!C..P.j..

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser_2022-08-30_134420_1b38-1794.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):3.07271121591715
          Encrypted:false
          SSDEEP:
          MD5:0385E009C651C3FBBDCDE256F306F200
          SHA1:418AECB1A719641343CE98DD801D0911C69CAAB3
          SHA-256:692EB296C0B9822AFFC44A2643380ABBD5325E8296B195365F91D8CACECB3C59
          SHA-512:198CF18B178AF349E7F0042EBCAA509ACA6C36844CB6CA246AD5E4954CC036F5C661912BADE18160AEA9C0A8AC0C162E5F5E9168DA1CB6D1FBA71D8599927F5E
          Malicious:false
          Reputation:low
          Preview:..yt.U.......Jn...a.....z.+t.K.&.U.!.V.Q.in>aM..wD.9X...R......t...'....-R..EJ.6.i...dZ....E.........v.....$..6...1....?i......5>....j....#Q%.q#..*{qN.+....-.......%..o..;..)"..$D.].e.L.mb..S...O.{,..1...7..5'8..C...z.>>.. )r....S.#.....y.....Y^......2....NG....W*^../.+...7..q.y........N.2....bo.(..)...F&.....e:t..I..e.tCN..Y?....:..3.F.a.......n..F...2..,.f,..FUP.V7.@.. ..E.!.\U..E.(.{.1.......Z].rZp...>.>.g.W...Z.N.. %..Y.N...i..A....B....$.....X0W....(T....$..,#..Pp...A..57A....--.]\>...?....Y.at-.n.qY...A...<E..n..=....\".."..B.g.......K..fM....Fl....=...<.k.N.t.ZA....h.r.e#.y..~....4..g]....v.,.o-......@...<..R[.f3..P...~..'...L.1..J..4...kP...........#...j..}u.....|..{.......$t.T.......U(..{E...5<...=.........4.k.5..v`Z.x.`...TK.?b.m..r..s...l..W.....y#..K..=.;...B..+..pA ..:.`a..=.P.[.b.&.;.K.G5h".$.l+..~..Y.k.../)..&TFG~.*T.P+.4 }4..x...o.\S;OA.6Gj.c...5.6.]P.b....6.d....M......H.......uH.7C.^.9..\.M.ay.i..q..`.0..v4...xs

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall_2021-06-08_151936_758-8c0.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:PGP Secret Sub-key -
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):4.550329553987185
          Encrypted:false
          SSDEEP:
          MD5:3589B999051CE5FA2E49E1CA99E2D431
          SHA1:18A578533429A298B6E92E37FB2E7AA312E904AD
          SHA-256:5807E290362AF9C7797C21301A01C7BCF2358CD067D70EA76092BA0E74D18079
          SHA-512:AF990534B9FF93FE18D80B9F91729BC3DEBE0010DB4C019D565DE224210A1F158FFA3E4B44275642BEE13F493FE1B55ECE96E66024BDDA0FE27A08039786CAC9
          Malicious:false
          Reputation:low
          Preview:.`5..J....O....(.._...-.c.XK.$....b....<.~...iuQ....d...y1..D.t...x....l5T..'...g.(......1/c....]..`o..BE.w.N..E...)^....?.aVJ..A..._.......Tu.........-....A{)..w%.j..R....;$T.h.....2.....Q.(jz..|.|....m...4.b.9.X_B....yj.,3q9.........v....x.=y.h&.z...7P.$C...":w..%.^.d.....o.L>]F>x.1.z.w.m%<...P^..O!.B.a[....t.0...........}..B.Emr.2E."87...]c..<.0sQ.d.\.g.m...<*..:.N.W......).Es.M.K|+..1G..X.....8.@.*[..q..Ob..qJ.s.&.*v..0P....0}..5...F..-..U(..n....}U..]..@..W6P....*(.6.S.L.....!.y.k.Z0./..(..'.{.J.....DV...Vo....7..>p7.i...i.1...>.v....Jx..ST9.}+........$.i..,A....-.G...*.B...["...y~5..O..R .^'......].....2..bro$#.^Q.#.,..3.[;A^N.u...Wa..`uxi=xi.<<..F?..8u"...z.t......5[{*...`..vB.E.Bmi......4.D.........i.l...I0........Nz.}<.....=d.....ef|q..7...<............~...gt.%){$.x.B.I..d.....~... j......~N.L,....*.....0G..7n..a.y..q.59@.c......Mq.Kg|.c:..z.c.9{r.D...."...eFA..H....T./\......9!._..r.-....}*..f...|.$..U.)b.+.%H}.5...A...>!.

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall_2022-08-30_134404_15c-1578.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):3.374468567324067
          Encrypted:false
          SSDEEP:
          MD5:BC4800E8805CA4684F6EA35FF946AC89
          SHA1:4F9ED9761DD85B4F054F39564A72439B5AA606A7
          SHA-256:68F0206911E677B36A54444C05EEAD2422732A172FFF277E1B746E391A8864D8
          SHA-512:857E358BCBAF67EE158653041FE6F3E0A3125A5AF62E0B1092CFEE1D4885AE1660405067381ED95C11F34B9A2BFB9D18CEA55422F01D92C4EE956BAF749C723E
          Malicious:false
          Reputation:low
          Preview:u.}...t..h".....E.7......p...aP....L.#.=U.....Z[I.@ .f....~.a.ogC..J.M*.D..Qta.**..%.k...\.J..z>.{..S..N/S0X..q..u3.d...1....hcdV<........u.6jP.X...|..m.M@.u.V...45>.r-S.{!.7>W...H.S.).7..C ...wD+..-].......h6n.l...>. .T.....C..y..0q.h.]b....r.M.ZDA..K..(.N#.:.y.Q....gsT...F..i.1..e0(.....HH|Qb.....u;.....u..K...|L..m..[...0.s.v.i..n.....0..0.).Y.&.u..{&r...\....M..`...'.x..I..B.......v..8....w4........x<zWa.J.(...,....B*.k.N..2..........P7.Q.k.b......GN.FcU.Lu.]>.!a.....jC@....EIa......B....( .I.gul....v.Kl..gx&..m.C........me..|...D....K.%..NDR.......BzkE.Yv..uE..............=.Ch..`W...zr&02.....u.R...1..^..2.F..l....<......rTv..Jl.;.Y\Q.....a.o.euU=..*.....*c.Yf.K.iL.R....!.\..G..........g.....I.)^gv.^.IP.....>.........dS..:...H....%...h.B.D..H.U.....9t..On:3.KwnU.7........&...(&.Y.Qz.Lr.0H..,.\.......J....<..7.mOi1..S`vm.C........Rxf...|.....25...}......S0.... A.\.D.^....._....p^..k.zTiK.....:...... ...w...E&Vr2v....S.e.....4

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2021-06-08_151133_5948-6556.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):17792
          Entropy (8bit):7.987936375778521
          Encrypted:false
          SSDEEP:
          MD5:539F85E63105F506C26FE08A71042007
          SHA1:07C5004650D0495A2D0E371DAEB003C1C7A2A3AF
          SHA-256:766C0600E6257DF249A614FD6B1260E216CC64F950B6B9BC5BC52E8A54539261
          SHA-512:31C23B92F1E99F6B0A12FFD523185323E3955C511804245F997A18B75AF35DF526DAB5BD544B91F2D5FF72D7D7E45F73CE102D2C82F63C4CE8FEAF8272E89275
          Malicious:false
          Reputation:low
          Preview:\}...1.....S.-..'tu.F.K...7..1...iT..U@.y..dkh.mk(.._.Yy...Sz.!z.|.C#'.M.V.B.H[.LD`.3>4a=&.;....?..;....[.......A.9..0Zm..'p.\J..a..)kR.u......I[....G....!..M|...8R....y........31v.2..6.*...e!.oU.....4'..]l..q>....@...g.W...fSf.1......YZ&{].i[.....1.E..1p.Q....W..tni.g...r...-R...?..<....2..t.t..F....8.....P*...b........%.8.q..Q...0....xU._.':?vd..(I..X..*.]z...g.....l... ..u'.8x...y..5/..Jp.e>@.:......B..,....IC....O...G9$*M.....o.....@.DR......k.(H.p..T...?[.2.PD.[8....L._..\.#X7".\P.v>.;...e.:T).[3:AI..9BI.Qqw..x..g.O]...!.S...m...B....PD^....0.zH.i.;...........M..bL.<..0.Z#...:..=...4.3......]....7hLK...].....:.........\...x.|6?..F..MD.s.zlB...y.........p.^.n?y.3. ...7.9....U".pl!.rQ...u./..EB...Y....k..2..z....5:...:.!.u.|G.a.L.-..../.x...q.QV..b..@r.YL.?.!.5x....2.a@......v.S......H.%/'6...".J...W.7A..:.x?C.jQ.>.+.<.Q.[.#Mso......L.....c..Nu.v...nD.8.}h.X\(.[.A.@)....e+k ..q.].....H.]..pwy(.....T..._ P...h.L...<..l.S/...c.O1'....V,k

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2021-06-08_151708_6052-6056.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):1.2256096751304129
          Encrypted:false
          SSDEEP:
          MD5:D1EACD5BB0F0493A9E84982F67E0D569
          SHA1:098BDBE909F2BE01712752946BD46982E0D176F1
          SHA-256:9918D9F1CE3740504C61B5E307448236A318875443A8BD4DEB685ED10B3E64A9
          SHA-512:D0A58FECB2FD6F3F7FDADFE941EB05D748E7C8F961C50081E19057CAB1B1BE2739F4AA742A4D17B5A2EDEE4942F6C2820B11D623B617C47200ACD5F5425693E7
          Malicious:false
          Reputation:low
          Preview:......O............s.V..:.>..1@q.o..m...b.E...q.u.3. .Y)HY.^2B.].?P/..|.XQ-.-=...g.......a<.o.....;?..J.M........9.[.*u....C..%@.......l..q.H....xnT.v.~.P).+,UmF.N~o]..."M...;UZq].~.....?.Vk..d...jT......Uc"...\......*..ZeD.Zc...dU.#g%..F..q......y....y.N.:.........H.Du.c....k..#6.>.....7.~..\..;...]L9.....*. .i.*=.J.).o.......+.<...T.Y...R.iD...`.dl..|?.....x........9<.Ug..1x@|......|!...T..2.?.........v4.)..%.....t+t/....1....'............ .9..j..{gA.6h.8.&...H...Y..K...`.S...u..A17.LN.ez...2..~...C....F.....8f;.0".d_hC.O@J.m.T..:..?..Q.6.+..>....9 ..w6CN.~..5Q.4...*.>(.^X.Y....$:.r[....hfxJ......_....e.....3....Y`...........A..F.....!....^(l1.....&..Q...KDm5.P%3v6...*..^'....5.x[.7....l8.).v..0!sd.Z...I.q.>9..S!.Y.)p..._.?s....Y..T.,3..Z@..i....6..t."..N..'....3J......d.P.R.A...`.U.] ..-.8!....^|.q.)........).a!Mg....s...*h.xp.Cs6..B/..l..!s..[[..9.6.......q(....n.......5...._MY.f<Mtp.Q..R.......vf9...pD:4...!Gz7D.pNPr.g.>! ....v

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2021-06-08_152116_6552-6556.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.6069408143637888
          Encrypted:false
          SSDEEP:
          MD5:6C475A34E0A346773034F1B505155A3E
          SHA1:9C233904BCBC51F9C52E9A43785AD8B7A4B2D630
          SHA-256:4A1ECB1E588EACE98B46C42A43BF1F3560F296CB412AE5C2979C5D85A5225699
          SHA-512:1D962504C85CB77E75E85B6C007E98E2A8CC65921174E2FF7C1ABAFFD3894D8ADC7BE5CAC014D8228B84554D17D1DE4D808E370B4AC2763BB1A37CD1679606B2
          Malicious:false
          Reputation:low
          Preview:.[..p..18^.......b.<mqE.....g...|>.)`O...x_.Z}m......6....V ....^.1R.*g......s...=..w..!..g..<b.8].4..X..v}F.mk./...Z^e..:".9s...-1.....cJQ.:........;=.gz[..........lp..l.g..{...HS.[q.....E^a.....E.k^4...j.\...(Y.B.t.U.|.....W....,.....T.[`.3.hW.2........VYY..\...r.....b.r|..`..d....~..'2+.o.]..A.7\t0G,.S].3RU4Q.;...st.,.v3...AL..RyK&'..f.g..5...9....1u.6..CK.{*m.QgF..c..+....V.P.~...S)...).L...2[R..u.}<....H..[..'...Q.....3}1%......*q..`.-t....'../T..6.+....{.Y.....P&`.~\.0....?...._F..a..{.7.j.._$.^=..Uk.Q2L........@o.g.=7.W..I.w.V.$...qR'O7X~ds.......c.?3.L.~.~.5.#.....>..i...:7.K.:...F..0.Z......_....1^.........K...?T0.n.&Q.y....,..?.G.*...a#5K~{...#I2Q.6...5......{.\....2;..m......b%.05....'..F.....i%........J......[UzE4.Z.,.o..6.....s..S...d...M.2..H..`w..[..o..,7yD_&^h.8......m"=|".>~'C.%..!.|Y.."..{.|....K0.|JJ......R#..@.t...X.&.......O%>G....?8../?Y.y0%,\....|D..\n....RhC*....d[=Pyg...U[R...............Y+&fP=x..7a..>h.{1H..

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2021-06-08_152238_5188-5232.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:PGP Secret Sub-key -
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.6054649566218998
          Encrypted:false
          SSDEEP:
          MD5:26679F37D88C255226BFB3D8C1C266B8
          SHA1:EEF31D2BA729866378572AACEBF596A4E3FCC05A
          SHA-256:6A13BFE4718B6E7E30DDEBFD7B39496B38A09E6964DEF991A21489FD2BA91845
          SHA-512:EEC1105B452FBB59451EDACE7A634044A41CA50A977AD816966759D0BF40C2BAF62205FC6ED2CC8EE94DB130A949EE4A1C635AE371B4B93A7ADC7FDA91F00B87
          Malicious:false
          Reputation:low
          Preview:...^~n....\.u.OW...=.......V...4"]Z.R!.j.>H....f....."......E.>....]..'@...X.!...R..O..qo.@v..RX.y*v+cu..]XI.>..#..>..f]sh...;_..A.......B.....E.p$.......Dw...I.]....@..q.QW.Jqx=.z.|Z[w..yh...2!N/5mq.....k.d...5..p.......[.`..].jSa....z;n.....@*.f.....F.P..W..E.2E...v...9N>9.....#F..6.X.N.A.1....Vo..z.8<\...S2...z.......~%W.2G_..rl........Z....]...'./...Q.G.`..wm....gg....;..!(0.<.x.g..fZ.T..#.A...._k.P._..R....&$.1j..;...[....Ou+.}Ty.bY'..."...[%..o(..j.....`..e..]3C.n.t.8q..R.Q..y........1,.+.$.D..7r.*d`...!n..X...?k.9.1.......3..."....j.{..h.....j.`...j.M..*_.nA.4...V...%B...+s.t..n..'..l{.v..'.^..j....k.3'L .e...e.%..#......P.x..;...Iu2kU. ..P.Tq.v...8.../.1.o[4<9.kTZ...9.j......i.!'.SSX.H.=.v..b....p...Q(.L.'K..?..k.k.......h....v.......S.V..t..t}..K.....ju...Y3....^d.t.._...q..I#._..@Q.ax?AN...@~.7W.g..S.......iy(Bz.;\P..@.?.Oi|...0..p.@j......nR...T.......D...v.../....nl9....~F..w......Y.q..}...|......P....&.y%e.."..

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2022-01-31_134325_6072-6076.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):2.1624305486405713
          Encrypted:false
          SSDEEP:
          MD5:ABFD88193C387E48EEC1851798AD3163
          SHA1:E4200C160E537D6C0E6B6451AB1A01B5671BAABC
          SHA-256:0B48CAD05F1B3A726529B176C3E2312999FE1CDAE7910D45271ADD24CC2A95BF
          SHA-512:607B217BAACBA24AC5D299D9DF3429588F45570C7636925B7CF59962752EDFC7538FAFB611CBA2E6641099BAB0B5EA24A4FBC278140F87241BE2832D3A8D6CB1
          Malicious:false
          Reputation:low
          Preview:.4.nJ<....F0(~...0.qX.._.n(...>..8"...I...#}4S.6.G.n..B.............Kq.3-...<z...%lSE.......O6+..M. .....5...;6.X.80.}..E.."..e=..Cj[aV.....H.z..7....&.h.n.S.B....j~..l+Y....w..L..x.........ZC.GS.&.<$5<..L..m.s...e).j......9B.g+..z`<".,.G.&....}..#f..B9.4.b...TA&.Wa"...a.y..... .r./B:.Vd..R.?.2R.@.4...-].. e..o.H..6}u.]$`4..7../...x6..%..Y..5..a1..S.~2.Tj;..............B..1......Xawk..G[.WQ.....}\....9.:..".&...u.!M.......H.......(.>.9o......*[."..MBy.e.>wPG..~.5BA..1U!.u.^A..k$J.p.Y. .s.....!.zH5M....C..:G...v....d".F.uL..+..0.t.SL|5.]. ..RY.=..9%.\.>..aM...}.3..z..2Z.qt.O.oqf...$..V....V.=.......s.j....z..{.*.....I^..3..]P....%z.............K.1y7#..:.7.Q...^...:=..[G../1.'..?......N.QQB...zM?.U.q.+...nR..;.A\..Af.........r..Se......|...b.@v....?....`...gN*bj..U;.,.....a..>0h...`g.k=.h....0y.s...R'..x..L"...S..X..D;D.....9P?>...+...nvw.t..>,.....z...V.,....e....S...~*8p'.+.u.C3b...^V...._Z.......".w.o..^:.cU......LW....zl.....q.T........*

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2022-08-30_132736_3988-4076.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):2.034701587939566
          Encrypted:false
          SSDEEP:
          MD5:D01ABBC3E4A09CE0DC987576176ABB7D
          SHA1:1F74D83B76B06A3F2D7451558F55469F51600119
          SHA-256:2C95A0A8FD64179218D41F6ED1528C27A6A0BFA2CB4CD2B8D59A45ACFE1E2141
          SHA-512:17DB1363EBA1DA666F4574C84201BDD6BDE3E1DE091E61D827021C0D8141E6BAC3B07A425013E9A1789AA104E0AB12AC14212F321C84B8D931B53ED2AE95BA9E
          Malicious:false
          Reputation:low
          Preview:..^.J.+.{..{=...b..M.X.:..."D.k./.2.>.G[!h..e.\ ...m.....R.).l.../..L...\;^...tq.#..2. V....L.b........KFNJ..N.0..U..Nibur..............t.SF.sn...a3.I.`..S...A6...N.......t`.....}.$..[..7...u.&X.|V.STLA.|....~.#...%A..qK.. ..YP|...\:Q..H.g.lQ/.....7...SWhi.A.'a.b g]..i.l.....A..gq...T...(8..]...kF..".;.GV..$..g...=..S8.....=:u.)...C.5Z.g..=....`...;1.S..;...M..$...z;*........$%....nG".z.\..i..%5.d..R...y.5...68...H,K..c...'..Q...2.I!Q.j...........|.O.....:.1.N..h...#..c....t.r...}TX.4.q.......fu...#.4...f.3.].-.#..PQ.Y...{f.'Q.......3..1x[.O..R..z...S.%"].,=...L..I.9.._o.3.y{.6.tZ..(........ZDW..w0..Y.4%.-(xCo.8.......... ...........^.v....Y...E..P..b+..L....L+...=..f=.T.{.]..M.+....].V..s..K!+./..t1..<A......m(...i.......w..5...(.n<...6..".[..q....a.U. .@.@...O....4Q..M.D..Q........X...s9[.%.S.:2.B.[.....J6.<./la.o.}..........U..C.!.6B....\...{..N..Z.2'....X!??=...5\/...G...R*..\R...."'8...Y.+t.%.D..z.......d?.JLs..X..'..l"...)T.....|.D..

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\machineTelemetryCache.otc.session.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):3.4499759570458988
          Encrypted:false
          SSDEEP:
          MD5:5A0F1A7A2895E5583D27FC98CC7E9B9C
          SHA1:90BAC64FA7C62492E808823909A57951EBE6D777
          SHA-256:FED2CCEA843809BE027167DD927056F96D574771B19A376326759031CB5CE635
          SHA-512:AD60DB783D083CCF94EF17BFC00F4FF2A4606E4D888A6302A2DFCFF8C5D07534EDF3FE16359687038A0ECE5944F3CAC9D94626FC38FBFF287A2BB9C5E521407C
          Malicious:false
          Reputation:low
          Preview:Q.d.y.,p....b.^.WTU.."..I..\..ez.Sq...C?q.......`...;...>'..2C.!.0.j-.5O...A.W.7Kd........>gt,..0.A.2...]%).$.^i..#.A..*..J....k%Q+2?Dt;.^(.7A....c.*.(..........w....V........u#....#h..7..|.,...B......I..b..].*Y.....(..KM."........t..]E.OR...Y.qv.=.b...&<...J.W..o...$CXt1v3..=z... 5.}'...Cn..0(b..W......;...ry.!p...0...2....w../.{.$.]..d^7-8bA.tw..M.pw..&...hI..9....W_..&(..z..G....R.sw...S.9......b9R...{Az...8.2....s#..H<...w3^..D.+.......d...............u.e.n.W..1M..Z..@.I... ...).&e'...L..K.Zs.U.R.....}*?.G..I.E...+......:.ei.9..1...B......r..-...N...Q.......9V.."..c..K..{.0.Bf5c0..c..}+^.E.g3...W9(fxi..1...Iq..c...L....i.&3W...w<c.$.Y.._<1..y.(..U...:..Pi.=6^..J.sW.J^_.2h..[..v6..~n1......._......=Gf!........H1..M...p.N{..^5.d&..l5...^...h.;..7-.......Uc.%C..&Ch........I.G.U?..C.A....N..dV.B..:.<.$<.xR.5...}...{.$.~.6]>..d....T*M.AX.m.>1}...d.../_.7&e..Ps..%!7.^.A7..6...3.E.....*:3.p.N....c.....xFv\...]n...iG7.b...r..2S...

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):3.451196555565156
          Encrypted:false
          SSDEEP:
          MD5:76BE111D02E27656FE6F3FE0A6EDA16D
          SHA1:35D97E90DA44A28D609D4F6C55FFCF4616D951DC
          SHA-256:8AB2D371791B255EC517B5FB7B71E7B4E543B3113859EA2A8500253546DAFFB0
          SHA-512:2164294F0768A7D427F76EC17ECC44CE04BBFACEDDB853C23C82EF01F1324DB25EF18D311B3A56275466E81D8BFBE2781596D7B45300A0F2FB6B119307CA8B7F
          Malicious:false
          Reputation:low
          Preview:4..C.....M...J...c5w.J.s.:....X..1.\...y'.j....m.|a..^.}....u...".......`S..h..%v.W....6.....Sh..!P&.r.f.X.....[.1..X.....=.j..~..*{nr6.w.Y~...\.{..r..o7.N.VUE.j........X......n%.....f.........Bh..z..+...".|2.?^_M....Ysi.A...(..`..&c...........].PP.....F..*...x..:.S\.Z.`x....Y?.c6.Y1.6.[..q.(..!..?...^..[...l%...M..[".s.</....x...v.P@............u.e~#..d/.6u[...:.ey._.a..,]....UC..$..{.&#f..X..._......q..o....u>..B...$..\ev....>.......)?...n.V|..].=X..\.2...J.)....,..mL..........Ww.'S..U.....M.....p...4.....jx.J......Q.TKs..}y...4..7....6.qw..o ...... p.M.L......}...b' ....4...m.o\.Y........nC..>...,Nu.J..0@N._...K..q..MtA=Iz.......w..*D.n..;.'.8\....kG...!.(..Y).Qt............".n...5.........;.?..^e...u....4e.....ii.g....E(-..lZ.4-....n..IlaM,..7...cS.[ ...b.~H..SP....-.....,Vq...Wh..).r&t)....iI.t_Q.....>...5/_.....>.E..w....e...:0$.........-y............^.}W.;...........p.*. :*..AG..z.y..A...D..+].P.J....S$G.."...Zl..,fVO.Z..Y.a\.

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):3.45133281567179
          Encrypted:false
          SSDEEP:
          MD5:699051D4A74BFD7ABEB59783CFBA9B23
          SHA1:B2B647F17217522251CE1D4F38957E1DE0DAA9D1
          SHA-256:95FECB3B96307D9D5E4E841D51CB186EE9F2746973895632DFDF15ACC80AD586
          SHA-512:F41697E89B5DD0405A979FEF4CE318C14304E3327B75ECA89E964C1BA9BC1A10A49EDF2B3C4597C0EE1CE7553E3CB9B21E5D42E7B4A702E1B5E10BA03546209C
          Malicious:false
          Reputation:low
          Preview:.f..S..ncAY..x.^t._~C}.a.[.A..lW.,....5vX}.....\.....H..&a.<. ..F..|..M..E{.L.....A..^n...;..5}.NY.#.P../.3g...bY-(.......7...!g.5.@o...=R...N.4.Z.aSnM...C..9.m....SR.\.t...*D....*.X..l....]..I{.}.".......D.U.\2.'.;_...,.B.e5.P.<>y.b.[!....l...Gz....k...;..G|a..60H.|..-X....._.u.....V...JJ..i..`....B.......i8J..G.{.......0...G......h..Wz..l..d.x.9...Y....qb..P.......h.o..qO.H...^..G....m8...N.w(T..a...\...(EOl...O.Pa'...............).%..B.N........Y..@B>....B.uM....h]|..-..C...#.F...k[.......-...st.r.....F&{.)...K..].((m/l."=~..yh.d.J..5.....e.[..:".yUF.l5|.....w.?T...E}....,...&....Y.....nc..D<.../..D..^...P.]A.4...Tg?...g.\.[2<.#..5.....\E......no>...D.....q..7.#^.H..!..Oo.x..<.".|C| .....;.h.......d.6dD'.yn.j..y..]u....C)........q./5..[..E..)me...{&..2.....T..w.o.?.u...|N..I?w{..;*.U'...41.P......i.D..C&".qDu(n.4Z.]a......y..>#._...I`.ZWT.?.8aQ..P1.~.7...V....LA.:..T.@F+.....^....@.c...'TOp#...N..!.....r...u....#%....EM.m...

          C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1536
          Entropy (8bit):7.872069089861404
          Encrypted:false
          SSDEEP:
          MD5:5B20A3F6C06D37DB6FA2E5DF3B9D9DFA
          SHA1:97D05501FDFF04AB1869D6616136732744856032
          SHA-256:5DC547320F2CEA4B6FDA7EC3BEF701696846458C58987F67BF00332FA980A679
          SHA-512:E4CDA65686766D3A6428CB9A22B57A3FA263251E3D1968C9F359A7DB85FE1BD5F8D27B316711339378F29EA251B68FBFD45504ABC9DBB4FA131A21FC02984DB6
          Malicious:false
          Reputation:low
          Preview:w..-..........Yi...>....._.7O[.d....h.C.P..Wo....Z...vC...Z..0...H.m.7.7......z.9[..c.b..C...~......p.....;..7.3.........D...]^!....*..`b...R,&~wp.....C.{..z2!3...F..&M|a...6.W.G.{&)...O...:.[4_.*..<..g..-....(.%..t.#!R^.H....K.v=.J....Y..wF..4.T:.*... .......p...I.......33....12+...X..+..N.)..k.t....H5..M.n..b.........f.LPk..T.>:......Y...]s.Yj{......x.J.h.Z.^4....lD_..X.J._(..8.....^...|.&b....].....kRl}.....;,"..~Zu.$#72#.^...J.[k....:.t....=..5.%H..e...BlGG....k.(....Ol[.....UeP...}.....R../O..u(*..c..MC.+.].}....(i.9y3.-.....2A.O?NG....p..3j.C.c..s.t.4hH7..*W.^.&\...}.D.T,..".o.[........5b.[....-_.....%@F.XZ?.....x...:OG..8=I.....g<4Cs..d.onz._..O.....s.=..b...D=R..%...tD'.U..L...K.P...Q.v......C6..d0A}9...2|x[.......]%.@6.|.......W!.0...|.. a...:.2.3......N..p..i...Or.}.n.B....?,qt...X(.2...H..y2f..~3k.u@{...r.....#f.;,.....a'a3qP..../.:.e.|Kp.)..\..b.^!.=....E.5r.'zr....ENe.....6.....R..#.9i..U.$...~...uh.....Ci..|Y.q.}2..\.H

          C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):2816
          Entropy (8bit):7.924106454135018
          Encrypted:false
          SSDEEP:
          MD5:DE44DE6A61AAD1AC982F73F54C1AECAA
          SHA1:C008A8A8538764F5E17AB16697D88BF45B6E043F
          SHA-256:091943112217C8935236F36B32D763D4622CA2ED9F8D37A6DC5EB92FF353C402
          SHA-512:C512199473ADA29EA9708ECC609E20D51CC63DAAE33D029C3F23E8BCDA9130E799DF8B155AE3538DCE2E7237661CEF6FD0DDAEF74A1ADAE600471E76EEBA7D6E
          Malicious:false
          Reputation:low
          Preview:..].,.~....D..d.,...@.T.Q.tE..(.<<.........].aJl*.......<.h."..(Z.)....}~...O.$...A.....1..+..i...~.E.0{.w.......\.....A.l...h...../.B./.p..k..8.(.)v..9j....r...W2..g....I..+'...%..d*(.d.\{.:P..=1`E..[pc~..G-..!...q3.s"...eo!.qPQ.SX.}.U....]%.tjs..B..|....o......,...!g.L..>...4..;.M............6.d....>8F...7...3..oG.#r....p.5[..1.(9.[.5..B.{..f...{@.m.!d...n.t.C....3._...$..}.jW.,.yYF...).kx.;..d../9..............{.3F.F...l....%..H".-.I....j...A....L .7O.....KyK...r...xz6v.l'B.._...1..m.>;...i,..N.o2..0..m}z......L..ee..~..O{.E..LU...w.m..+..X....?o....J:F&..S..?.X(P..\...IG....D.'...uMN.6..$..|..^.....&T..W(#._....5..p.._:^....7.CAT....r....d5K...|."....../&.b..:.$..\.........Y._....Y..J....4.+.....A>.#;.Y]2...l:.X.>KmC....C.U|1....a$:[+...J....i..._X.gmP<...+m~4.:.........#.T.....B...(..m_h]_iLZ..0.....V..G.*G.`\.w.Q...#...m-?. ...0L4...}.<P$..Z......a.C......^.1D#u^..:.X............./.o/....gr4c./G{.+....n.Yv.`.. ...0J.DD..

          C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):3216
          Entropy (8bit):7.945710945984508
          Encrypted:false
          SSDEEP:
          MD5:F1D645AEEFABA5A36B883A4F643A8F77
          SHA1:3C713122306D858E9EE7444C99C48A59D04028ED
          SHA-256:BEB0DD52FAFCED074267670BDCE2F102AEBD5B3EFD9AC13D27FB862C8F854F06
          SHA-512:8D782BAD7D4E978B0949D55B9FC89B2251505D88525F3BBCD52F5CA162CBB5DF0EBB5AD6C10EDCB37BB71D4DE1E25FA4E535E37F334A14E91665CBC8A28AE439
          Malicious:false
          Reputation:low
          Preview:d3J....i....]..s.g.W...N..</........o_n..p..q.b.&.6..{..w"..K.qd6.b..=.%.z.L~Y....l.-.....2....{.y.54.m........l..d.E.....^R.4G.+.A.a.C.r.......s...".i.......k..Y....J[..........-..<2!;....J,Hn..3.+.w...d.&X[.2.xH1......qUZ..P...j.Ap.. ..../;...*.[3T.|...5.........P...........</.v.rF..0..=~N..(..Zj.....E.^..[......lB.Q.]X..e.6D.....R.r..{]..O..W..h.359.....>!...q.....i.}...............!o}.....5...S1.'..b.....zo..]4w.....A../.1.|.:....{..n.P....z.0%2D.lo..2.....UK........,z=.A.2....$.^G.;..R..Hf!...Q2.Q..M..(Z..4.A...&$........m.......Q;.....L.......;.D......-..t.e...4.L\.d..m/M..%...<^..2.>.Y.@a.Z1p.c%~.....Iw.w...=C&n.i..!,...dr..=..F~..T....o.6_' .,.'...)..up.......`..-A..).hP..........ch.z!`A.cpR~>.p=..88...w..c.M...~.......4.....4.....>....;...B....j..4..e...!G...Fr..^.\.H..3`....Hs.+..'w...)...gU..O...h.?vlW.......g=..6..>.'o....W.OzG.r..../.X.R......c.%...(.7....e.X.P..o..+.>JV./.+...0.C]......T.'....?%..-.....f..6.z......A".

          C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\9aad439831564ef9f88438a70a63c87e26ef3852.tbres.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):4432
          Entropy (8bit):7.954550666439079
          Encrypted:false
          SSDEEP:
          MD5:14B5470F1CFBA30CE1340C356371BA87
          SHA1:CC9D3579C81AA27E414EDF71D0ADDE8313D337B4
          SHA-256:B7EBC1ECB23BA99D4A6747809B1F99E23C610943CA261CDFC725FDC368B1F4DA
          SHA-512:62DFAF042ACA5F6D109F71B80C6979E0ADC1680769C902EC7E3BD3C245113F3BC202D95ADEE3CBA582409E4055B78C6CBD909BDF4A7ED4F225803F0F664F261F
          Malicious:false
          Reputation:low
          Preview:.A.DUY#..:...{..'D..#."U..A..............f2..Y}0U....*4..q....T./...S.$...z%?Y..3........!^...D~...w[H.........;..&.O.7......{..G..;y..."0.xP5..fm...kv+..L~..^.M.=....R.xH....X=.....E8>..D8.W@k. rpc.>.\..........%.......2u.o...L.o.+.....i.....9..*.+.Z....^..?..^xK._..;_.Y.....j.=q!..E..w-n.V.f...m...x....20......B....(...1h\.J.J....8l;.A.J..[..$...G.w...=_....G.4...r3.'f.<..c.y.`..."..^-.4*.....)qs....K~.67.'......GicC.....\B.#...e.....$..E...;....dM..~m.i....*-n#.Y.l....~RF.A..P..:.2..9..)...i.)..i.......m.....J......m..jm..H...W9T.@B.E.mY..?kc.2...=`........x.B.J@..f@g.....T....|\|.y..Z.W.7D...._.....}.i..&.PZ..h...g.C...]<0..y.......);....e..~#Y-...1......*.T..^TC-.Q......T....!.....1.....f_..L2..1..s.....?..k......>s;.(q...!..9.Za!...+IK*.N...Y..O....gX..H..0.E...AJ9"..8..kC.."I.kbsUEg*...Z..;}..Q. ,..G..Z...X0.R..8.......-.......^...NP...:...7.{v.\..UL.D..JJ...Qn..y5;T[f2*......%....z$.....F.....v.]K..o...uy;AY].....|

          C:\Users\user\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):976
          Entropy (8bit):7.785204494590819
          Encrypted:false
          SSDEEP:
          MD5:B320D72442EBC9735730184D69EF4E68
          SHA1:6670206E94BDEB7D0FA7748D76D8F564B4FC2BCD
          SHA-256:F9F6E54255D27F3C26FFAF61C2D682885D6878405955B31B4F24227CA7AF48CC
          SHA-512:6784D2AAE7E7D4F978D4733C5AA56E1DBD5F62D70DAB4D8A2D472588B6E1F0D69799BB25C05B3231F037C04007A9B3741510004B49BC0B4360AD1066C168B6B8
          Malicious:false
          Reputation:low
          Preview:\.>B_.rV!.#.....]-8.......]..9...o.D.k.bT.6u.j..!lN..!r.........T.......3u.......M..K.P...S {{.-0Z.M.......s.#...]#..?f.......p..9,O....E..)......0.U.\.]vz..#...a3U...C.../p.#..W.........5_.'...b...H...X.....i.l.`c.....0.~c..S.....3.$L. ..\<..<...J...J*.`.y..(.e....T.%dho....1[...G..d.'.{.w..c.>.J..'z..9..L..{.>C.D..W.,P..[.E@.[c..J.YG.R*D.dS*..Gx....e.':.........z.Ev|N4.n.Z-..".N"..p...I.&....u~A...\[...#.q2.o.M...=..q...>!j...2.6....u.6......#.\...u.....v...A...`t.L.s.LC..h..?.;/....T.X..~<..s..;Mv..vN......lS..3.U;..s...Y.m.pe.p.{.....=.~..../.q..l.:....DJYN..'U....='l..z..p}.g2W.w..?......o..0.{M.pY...8[...m.m.@.>.....-s...#.S..zX<...t.W.....?..*...._..DlI..ZB=...0..o.^X.....$}.. O.vD.."qC.s..GV......x..^.C...[.5.....*...6..A........<..hz..)......!...4..^0..c%..>....%.a..au/ .3(ty..'6Z_N#;"s..k.g...........+.Z....'..Z.Jvj'@.........I* ......"..C!..i.k......w..^...>o!..>...9.*w...=Y9m...{..+J..U........d.......

          C:\Users\user\AppData\Local\Microsoft\Vault\UserProfileRoaming\Latest.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):544
          Entropy (8bit):7.581492656792755
          Encrypted:false
          SSDEEP:
          MD5:CFBBC0F69CA17E6CF67442BC0D924FBE
          SHA1:D93D5E90C889B2FD94D483D9542A3F041A3F3CAB
          SHA-256:CB6C412C18347A5EF7439784EBA5CD1273E9706C4D20324CB6EC747BA0414F4E
          SHA-512:AA0114478FE5E758B2152C1B50F96278111F267D9060AEDE8E2A8EE371241933723E76DD2524CD39275F53836FE680BC3729AB30F1F671712F3E2ADA3D86AB4F
          Malicious:false
          Reputation:low
          Preview:.0..)....{m..........E...m.!...~.f^mz.G,..O.b.?.!.3.&X'.6..5..}9!.......Ne..nX.j..|v........>.....V...v.@..i..Z..."....dC.C..&...k>..>i.........x{.M..8..J.b....?.JKA.?....x..<.P...%a..sbF.O...e.1...x...>q.w4..EZ.O..|.Q.... .b.`I(......x.8.}&;....,.f|..Q6..WL...,....3A.K/`.v......J;..U.v}c.....g.R,Y;..5fp...`.*...ts=.....D.o..Eh..!OK.cZR.q......e..'./..J.$4h...c...y...:LJoE]... \,..U.y..k...h.e.....j)......=....).T...B.....^k.a..ch....{>v.....~.VyCE..9..oC..`..%......W..~o&c..ur.E.0.&\.3..1..`........d.......

          C:\Users\user\AppData\Local\OneDrive\cache\qmlcache\0287568f6b75a8de2d21278106c373f2fd10f5ab.qmlc.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):6416
          Entropy (8bit):7.972638844491601
          Encrypted:false
          SSDEEP:
          MD5:8E0F2AB22C7CD896BBAB46245F601B83
          SHA1:731C4EF96F40E54E5D361B383284DA9F21BE6824
          SHA-256:7D104D144A8D8312054F0EF43B29D257D3DF6ABD205FA60AD77F6BA0EF92AFFF
          SHA-512:509E55E1A4F814876AABE9CAF76E2BCEC8080E6A49845C24B9D895790A5DF315CD5F31CB3D31127DF6B2511C60846B3EA2AEA69B9B6E03F61E1D03E50BDBF4CD
          Malicious:false
          Reputation:low
          Preview:.Q..,[.y?j.-..g}~.)n....,4!...1D..qo..C..j.QE..E......z.[............i..f5.;..7.o.#4. .y.....-^..~........_u...=e+...b.-m...X.. .Px.r..l...t.T..A5^D3.lt._w.....C.`!..YQ....!V!.C...O....|.....)..(......g.../lK.h...M..s;$..KX......|t..|....Ga.....O..{z.;n_Mp.....3.J..@-6d.e..C...Oc."...lD.uA-O......TYG.....V....Xx....].....p_.U..>c...F...._p9...e~2.?.DQm<.n..NV.I$~/G....O:Y..`.j..}.M.. S.\bh....n|:+i$.QX6...%.J8...3.(.I.B...;{.^2.o.k.......|.>M.n.C.R'.&r......!.pQ....ED...F....(.v=$..f.V=..!...M~)3~:.5x.....]..R.w......z.....%vo..Q. c.^_..C9.D....6.[..[.h<.W.d..~En|...F....H..(....b...2...B.........8.......z.2l...NQ..h_.;......Z....g..=:..J......J...gD..>m........BS.Y..$...v.).`......1[..dS').....>.w..G.QUR.gI.r.f<'...+^...3b.._...~....Q.....N.;..u..2>.'.5..Z...#.Xk...d.+...../...4V&.NG....q^...$...o...U ........7.].|...(;..r.%..R,.<........gk...PJN.....WF:.....#....g\.w...7....|.........S. Z...%"..`%.....=E......?.x7~d..3.HD.....

          C:\Users\user\AppData\Local\OneDrive\cache\qmlcache\0bd5cf23c1a78fdd98ccbf96a05645392c65305c.qmlc.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):7568
          Entropy (8bit):7.979184005090802
          Encrypted:false
          SSDEEP:
          MD5:F4A5B5298CEDA9B562C2054999DCD7EA
          SHA1:47D1373147105E04D1A476B9B6FFE541812373A8
          SHA-256:D0297DA78701F49AF0A7AE9D2F82BE18FB16537CA3DB021B7D446E5935686050
          SHA-512:BAFDCD0EB05F78DD0AD47BBC5F0EF374A3A9964EA07F8A99BC906676AC892D2A2762F0C0E6D8034A83D6AF1395625AE39E7E14E9D146A9F74DE438B751789777
          Malicious:false
          Reputation:low
          Preview:..y....R.u.)s..7..WE...6.M{4...."....*..*.....cW..u.s..&.G..d.......Ybl..M...b..B...+Ai..L.7w.n@...LD.;...R/.-CC.b...(.,p.s....D.%....e.....\.e...iJ...W.....CJ.!.d_.zA.v.......(.>.r..T/W.)...B....k.x.....]_d6R.b U.&.B..x. $...j.N.I.O.....^.Xb>.dsYW......G...h....r.E..B)...O\....$.j...V.f.];..'.}..D_.XB9....w..W..A...Jy..x.2..8...k..vx.p...`..f.....'.......}.zw.".?).,.....d.v!.....x..{....@...._...Q.<.r...n..x.l.....2.K0...8..9.\N.....9....~.QH.'y......r2c?.A".h...\..F..=K.qs@....ii..A....th.x.8...M...Kb....6..ee..^'.vP...=..@.]./.s.....w.q.I...?...F..F,H.-#.}m..n..W....M.c..L.&)..f..XL....oF.v.......j..>.E...L.`q..[#wG..G.p.97..v*G.&.....V.Dg%+5$...=*.3..<.zB.......D..?~w..2qv.....^...u.....7._..n.<D;....3j.'.p.t.T......~......&.8..%ge..=..3..~^z._....t-{.3A<)..[...Kh.:9i.@...'ER....+}...f...C))...!.P.......oNx.sT.*.P....OJ...\.^.^...<.H.H.......Z.........I....y[...hW.....>...B..../....1~...H.s_.."|..L.j..X..r..w...Y3.Rcr..

          C:\Users\user\AppData\Local\OneDrive\cache\qmlcache\507b532306dc57a70dba6d385fa1db221bdc1196.qmlc.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):7312
          Entropy (8bit):7.973614924612159
          Encrypted:false
          SSDEEP:
          MD5:5E2C9A2856C4DB195C4B6253E430DF23
          SHA1:EEE5B25D95283E0D6B296AE4D19BEB500BD731FB
          SHA-256:923553A2CECBADEAB4F52E477FCC76BCB7D4C64A0E6D7076E08416D525F5FAB6
          SHA-512:FB845D24D07774D4035604FD41586FA1C4B3836E7FE266E8EA88D2654644CB3FD76BEAB8BFB781E50DDFF932DDF58914891D50B0F99864D8B03A4B6159883B1C
          Malicious:false
          Reputation:low
          Preview:@.....|*......J.7C..S...@k..J.w. .Q.......~.S[~..7..U......B.2.R.F.j.!`.wGH.O.......If.L.Ok9....-...Z.'.\...t...$F.....[...eb....j.....`...H..G|7.....s.d.M.....N........A3s]6..S/@99.4...P..y..~...pb.v.l+3.....,v........z....]8..5r0=t...2C..?.VXU........C.}f.F.C.|..R....i..^..........<.Fy..fV.&...!.1"('..f:T....g#..w.I.IV...^...Je[.n........V...SGx...&^.C..Hp\...O.%...O.Ul.M.......N....>.@..r..5.......T...BX@...B.+.......p....I..se+L.Q{..D@.!#El.."..{.W......+.H...0.O..W.l.#9........[-...B'..q.G.MNm-...N...Z..M.uqi. ...M....D.. .<.;.n.S; ..;.....\....x.u..<3..U.?.z....HXi....e..@....Q.9.Q.x..vL.r53.7>:..c~e2+.6#....=@.....0..b.....-P....E.....@.QeO....J.).H7..,........X.+....5...T.h^.....Ae..{.mP....t.....H.0.3d..._......#..d...DI?..7ljnW....$J..6=......;.yjH.X..P..!.?.....P...tv.?e^..w.Q.b@1~{.oyF.qVE.}.....x.Z....O{M8......z-..r....G.CI2.H....*f.M..Gp...Pw...[.}9...Y.1...8./..Q'}J~......RU.]...c...R.A...Nh...uD..o....3.L.>.M..a.7.{).O*F.

          C:\Users\user\AppData\Local\OneDrive\cache\qmlcache\691457a2a48aad1e983134a987a9e6b552571b27.qmlc.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):7776
          Entropy (8bit):7.978021278525243
          Encrypted:false
          SSDEEP:
          MD5:F77DCE248E41CE0A0460BE124E16B210
          SHA1:D6FDD5516D02CFFB09E7AD79722A4CF232AA2D13
          SHA-256:A31840B6D8231834AA64D1398AAC4CB7011FED4310ED0E67EF304440E4368B6E
          SHA-512:8FFB1FDB86A8F3B4B7DFA56044283A29E5A1DD8A290D5C11D43FCAA6E3ECD166DA0F6BAF0436497A0E6ACED7EE98F0F6399F4AA6FE02332490ECA37E91EBBC92
          Malicious:false
          Reputation:low
          Preview:..B.-!.4....0...=.%*t..[p..9GH....A..y....J..A.;.....u.S.......9.cA}%.`....;3Z...N..-(.m..[x...../9.Q....|./\..D....8.V..]..`a..8M..6...}...n..{.}#Z8.)i.5.`.+r.?.^...../n.A...q...V]W.x,.fE..E..;|.5..E#8Q...=.3.3.@.....z... .....D..1......4|r.z.O.C.%w...6c...WkE...:....5e._.....[?ET`K..6(......+......P..0]T.d.9..m8.=:?.4.f.r.q...:.H(@~...eylZ.bE.d..*.A.Im..@..i?R......z..s44=.<...U...T.+.k.B...{w.9.....6P..rz...v..aC.+G ..."..Vd...fe....g|U.hr".`.L....a|..h.+.%.p...12......&...E.g...v.#.......v..2.K.n..vh.s....<.G..q..D.u].)Ie.l/d...6..7(.[.U.cl.'.,..........6,w.v...RI.....^..g.`...=.8(...L..>H&...........)...JkZ....8.G.e.....`m..p......./.eir.G...y.._....X~.`u....2..V..g..|.Z.O.^..H+...NB.b...S..G.Y..x..b.4x.f.....S.+.E.#}..?..d.3.v.aj<......9t...g.(:wU.3Y7..U..$... .;..|9..|m6D..\r.p..t..I.7U.h.....%...`....z].w....1...[..3....3...S3..E.Q...r.e..&>w.....D.|..b.mJ.?.3DhIK.<V.B........g!G<..bT..:.....R...j......=.......J....

          C:\Users\user\AppData\Local\OneDrive\cache\qmlcache\764491f39a190ce4784fe9fb5f9321d6a83a6923.qmlc.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):5184
          Entropy (8bit):7.96795817560692
          Encrypted:false
          SSDEEP:
          MD5:3E62C21A78048A2B3B706BBED5D5D3C5
          SHA1:2CEBC3CBAC67A29677555D6BFA7408C258CD37CE
          SHA-256:87C1D46569D3D15D2CC924C7B2DCBD65087FD49CF2CD6AAFE5AADFE8B5095125
          SHA-512:B4D6F181E4CF97B1024F1541F590A207D49BA5AE340285CD259883C50383190B05D2B4D81107B51F92A9D9AD8DCF35E7DC058FB2A0E70AE4BF1C53F8CB314F39
          Malicious:false
          Reputation:low
          Preview:.K.8......*..j@..).....M..m.....i......WI....pW..H...1j.....=..L"|...:..4Y.....V..p.&3...ax-..c.".X...D!.b.......B......`#..L".r..!iT..7.l..s ..bX.....Dn.N....k)t...e^.M.q....R.^O...T..d.^.%..I.=.....a...,]...9..5'..Q.]USl.1....................W...Z./....W@V.#F:.M........E.UVXV...+.*.{...$o.x....N'.....ey.A.m.........~.........g!.2.%.Am.!X .?W.qB..H.k<..b.s...... .^..U.N.S..&...b....JQ.z\.b.1.TB\.X..1k..PK...x.h......O!@{.D....}..B....Z...6.C...=6...K.g...Y..t|..a..<]y...!..$o^d..Y.D.d../..k....C.......~9..N.......7.8.J...T1Zl....%.J.Hv........'.........bk!..6..ZT;...D.N.....6..Ml$....$.'B.;.....j1ry.iTSe..9.."S-=.t.&.q...xu........yX...NA..S.N.5.}..Ot...E.../w48..Q^P........".oB...:.....J.#.q..3.+..!.S.8....\^.q..B...u..H.PH..@.....-.*....b....fM.Z...J{v..x"..?...Ym+6..-..0......2..+..ZO.\...............?8..( l.....a....6+@R...O.f...}_...v..:#5.C.n.|..j.8.w;.}W.....&).jv..........4.;...:..+..^.4.T.R....A.C..a...%#k:.v..(B..0.fP...C

          C:\Users\user\AppData\Local\OneDrive\cache\qmlcache\95a8b5eb4b9d209a46517148d3490ca93123bfc6.qmlc.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):6208
          Entropy (8bit):7.968557269298127
          Encrypted:false
          SSDEEP:
          MD5:BB5E5C1D7C9713764E34E2759CF06B32
          SHA1:13093E3CE2A3BC5168E89CD229152B894502C961
          SHA-256:EDB673C68A85A4293F5B0BFF18AC56F23CFCEC0047EA2B8E33470447F70BB6E1
          SHA-512:0D4F4240BB732789D4DC487CA960ECFCCA66A0B539EBE7CB5175A4E25FA1B1DACC7CB4BAA84CB67D8DFB533D6FE3B9E99F0B6B076A3596140EE827A0E156713C
          Malicious:false
          Reputation:low
          Preview:........n.,.iJ..m..e<.#%ffU..|A.E.D...".p..n.[*...a..g.,.4..1.Hh.......K... .BAy%.....Tg......Kf.Kj.0.L8^..(..J.i...&.k..Z.....K9Y.+....=..M.3...Q...%(..a.Of.,w....\B{..Z\J...I..&U.v&)..B....)k..g...ODX..i..0........_..4?.n..x.L..7.T*h.pV...._..\j...G..[..\.] .....'|......%.9...b.........b....Mj..o.../'";>.M.f...,....[...^.5....BpJKC.......V..3.K....r.*...7c?......Xt(....Y...8...=:2..d.../..K..........Y../!)2...g...G..t..........m.Z\....P_.~.#.j......>.0.B.7..EV......X.N.l...AJ&%Z..H|f...o_..H.....O#._..IC..._.k.F...J..N. 7.fH.....<9..R..E..Rn.......S..X8....`.....O>..*d.@w-j\.OW..[.gdW..A..-....L#0D....'...V...1H.ZEr...........Mj.'...#..q...#..iy..C..GrC..q.....]..S4...N..U...K. ...f.4S.....+.@.........0X...`.....f.Q.......G&8....?.Ndx.?..v.[..J....D.,.@o..fQL%#..h..3...\73.X..7.R&..\:iv..-.,...a.......5..i_M......V>~J.[?.GD.........R.:..o.....|..*.i.],t.XiV..(..N#w;.U..x..p.$.L-..'.[.@.g.b.2.F4d......\.Y..d..F.d..T.^.........2.x.ia...

          C:\Users\user\AppData\Local\OneDrive\cache\qmlcache\c7f5d769a1cf8c7f79053219959679b2a01cd04a.qmlc.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):11040
          Entropy (8bit):7.9825040342091
          Encrypted:false
          SSDEEP:
          MD5:F75D0BE3632204DF3611BE3FDA5AD277
          SHA1:9359F4CD6D212F5C3AE63868B47EF2F1DF2A8054
          SHA-256:82EDC8BD21A40A7911C3826A080E8755ECF120626B8729AC89F545B945C9A337
          SHA-512:A0922919DCD57201484BE255B59FEB6C246A9BACB5482E2B854AF083210D98314301AC7E5E46B887A957E12359D784DAF5FE1FB0B94A00B1942E5C5BD0299A0F
          Malicious:false
          Reputation:low
          Preview:|H-.w.eFhs?.mD.;-_...S.d.+.{.@=....].wN..?P.7\...X..,0E(..a.^...N.).../e.DA...+..wW.....\..T|4...b...}:G...Af=i.o.....|.....';*..2.."|o7.[.#I........(k j.|^....w..A..lG.W./}s.9./!./O...:lYX.&K..'.>P.IUU<...A]..1.bY+C.......U."..]....b..04.Ps......{...lV.....h)........yF.......#.<..}...s.{....%.]V..E:.....&..BJ....w=..a.G$.t..J.....(b..b..x..C.........2.x..Bz`.P.=.].4.'$-I..r^..>..C.^...3...H..W....jK..2...i..Q...*.9...8....:]{.*.H.U.....*...Q..cZ...A..;n{........s.....P.ZO>8.@.q.I.@X.......K...z.&.....T./?C..L.&.x...............m....0..X..a\.l.k.a.:H.+...v.f...|.R....jM....\.2.N..<=.01Y.P41Y?R.q..Z.o=..+.....F6.F....1...4..t.`...*..3}...`.F.......gz^..j....5...{W.6.kXQX.w.q.......Ns.@[.L.DB..Q,..@...P.'lUC...M...j.h.mT...M.f.K.....ph..@......^}$.)....x:..-.X......*.Dz8.......y7Q\.T=.;..B.,.>..te-5....A..Y8.."..7v)o....&.Z7I......9_...%...f.....i..?.b..v...........`..!r.Z'.?...1.M.Y......b(.P.=D....[...<E.D.....{.(K..xw..n...v8.8`.../...

          C:\Users\user\AppData\Local\OneDrive\cache\qmlcache\e15f40bcaeaa20ce46fea1395177e275b4261a1e.qmlc.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8800
          Entropy (8bit):7.979346596932365
          Encrypted:false
          SSDEEP:
          MD5:D2C365AE1D5E7D0C91CD1C787594C2E0
          SHA1:84FCD0BB7D471AB20BCC9E778C70CFFDCBB95D8B
          SHA-256:64DFC167C1C0A07ECB7B960980D1558269D2608F33DB585B1484822A29F346A2
          SHA-512:25993846A54F858053257D3AA42DB3D5CC24C71CBC1B437C660ACDC287882215984375C0E114C4D415D2F681A5F547DA94BF5FD7E3F6609298ABD07D532A8B2A
          Malicious:false
          Reputation:low
          Preview:..l89.:..b\H.....o....O|.b.......d.|.z..a..b.(.h.?A^.<+{..-/...+j2.]@....Y..v{..O.S4Z.t.U...`....i.9x.....'..f.....G.O.6$._....c..e.y..7G(.....9..Z-....q.C.}3e\..;k.So....&(.q(..htt..&./.w.9....<I.T.x{.....4.N3.*,si.C.>..Ci....$...V2..kg<...._cy(..W.,...W..z.<.....]]..Z..|v\P)#*b..4%;-%y.s.~.R|...,.H3..|.Pc.......k..=...A-.C...3.>.B.8...@.xvJa.D%...;b.hMS. >...u..|.U....<k..8.{..^.....3..).\.........s.>.dC.......Eu^p...Y.+.$t...:XR.dBhf .BL..........3....P.$........?.F..O.e.xC.d(p.....b.....`.P$...O...,.o...D..]:.E.X2..(...23....Y...fH.....vte7....>..3...'g...Y.=Dh....`)/.I.R.B...!*1.\YK....X..T....i.z?...M..F.Qf..W..3...1,........iS..w.V.b.>....D....D.m?.^p#.K<.+...........y!zp.2d...,...w..F.%.....-.Y.............y..r............g.F}'.....m........KQL..4Vb.}.Il..m...{..~...%.J..}...G....L..m..;s..AS8".4!....r.....sW...8p.U............d....b.-......IF......[.W..Y.d...]B!.q...]..N...V....A..WD.y... .?K.f..0.-}.U.W.?{...}... .$...&...m=g

          C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.980079124287636
          Encrypted:false
          SSDEEP:
          MD5:49AF743B7DA4D457D5266C1B2CACC1D2
          SHA1:EF4F0EEE060076B9EFDDC6B0449F87050F8FC46D
          SHA-256:8F3AE1412C42FDDA2253C66C085C4586B4A216B8A4B64CECE48BA00626DDC1B0
          SHA-512:175AA96EC5E7A685CC6B32C064C7867F366AAC9984A2C1B0D6B9D3DDA4DFED685D2FF35448103998F179E6581915A8929B1C472E0514256C298C93757E7EB4B9
          Malicious:false
          Reputation:low
          Preview:T... ......\e.....*2.h...\L...h$y.s.s.*...nD...Y......c.5!..\.{.\...@>..Q.i....V...C...../. .....K.,2.".{..s%.......P...>c.uz.....b*.h.F.>...Q.....M...+......._YPb9....G..c?....v'...v...D.m...~... '.u...c..i.J....../.......k~..[..LL....G....0.z.W...:..!...S......(.X.).JQ.O.`..9..@nL..r+..G....)dc....%|.m.v.H.,.<TJj.e...Dw0...ZzY6j....-...........Z.4A.I....6x...$(.i.WI...^.<..`h.i.x...g.^5.y}...;)...,.>=.O...]#.].TtA..)...d4uM............!.T...*..{.&.&...s7.L,......-S.]b..k..G.|S..E.,.:Sp.l+.C?.....K"~.N..K~t.g.Bs`^c..._.......[;.>..s..}rw....R.0..C.:....gm. uC..[6fUOaP.J.c-g..........REq..X).cU|..(.ki.T.2iU....k..LC:iI.+C<.8..d9.J.ZJ.E.uK.xM....r....gQ..z..e.p..A....7.K..v........W.>".............{MVd....@9.q..?...7..x.Q...U.M..S.C.&z...l,.4.t...bU+.m.Zt,...U.Q........n.%.c| ="...Py.=..q.d.T.....+^.,=.....C.....f.....c..j..RV...P]Y....)w.."....g......B.......k.....k.....!He.....V.........p.......$\.kK|..<d..AR..lR..j.Qb../+..8.....oF.__&....

          C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979343778785275
          Encrypted:false
          SSDEEP:
          MD5:57F69A43F6AA2C14FE84D5AAA5CDE38B
          SHA1:167048B275094DEED94B89511CFAC204F4AD422F
          SHA-256:FB07FAE955FF448805D96C2DC0BE1B2FDEAEF54270299FB11929D975AD8CCB73
          SHA-512:277FEF4F667EF5C3092A08A316A8FEB62AC4474D08D380E507D034A17CB6F786CDD496CA22526C83D70C0EA0DE2FE74E0B8E660DC5E92C1C2ABB3C4AC3E35B4F
          Malicious:false
          Reputation:low
          Preview:=.q.$..z..}.,....X.E*...../...w...Ry^..+g.W.(..R...rZ2....1 ...[Yb...d.{> .DU...;.b...\.Bp.}.e..5O......:].e..2..Y..;.J..~.H.4..8.n.....@..)c.Qr.......S..'.b3D.o.......x...).ZbR......%...'.^...cB....k.......['d...R7..U9`.....z.P....i.Z..%.).Hw....(..d;.._.m..x......|.q.-..b...1......Ys...s?........U.d[......R..._X.WV..VD...j...U...nF.uT....q....I5.o..Z..........b.|..6.q..tZ...)..3..c0..v........0....Q.U.4.=X......kb...#F9W...Eh'.@.5.xT....Y...i]jI.}..)..,.."..5..?...T..I...W.....D.s.P..i......"........sxCr..Y4...]@Z.=k......\+...b....w..zG...Uv.=...k...E...Q@PQ.}n..8=...]H.....f...`+.........,3....$#.%H........".EX......^.^...%......g4~.qD..."..r4/.V.`.`..j..WO.:.*..~9...=.".{.6....=.l....4.6.&../._*......z..c........8.mUhi7...j.~;..I.O$u..'.{...P.1"..*(.;...|..~.Z..Qu.......g......@.z.Z..........^.z........+......W.....;....Cn..........5....2..w../...z...[rQ.e.pr.......U...a:.$...".......8C.\."..:.k..s..............5P$0.$.."....i.

          C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.9784101227672135
          Encrypted:false
          SSDEEP:
          MD5:1B74888756895FC34CF1F3E8217334EC
          SHA1:1285F7710FBD0A9980376F52F548BC51B5C7BAA1
          SHA-256:12464C6A520A45C2E33364C45F417B59F46AFB8768057A50D1E9C3123A31B638
          SHA-512:75B1F56A835B924AC66AF37CAFA250F73D1999F17800519102A32D3C06A72B9A7F5393F86940DD8A87BB7E395ADF42EC57198823156D834CAD237E7F51F6BCFE
          Malicious:false
          Reputation:low
          Preview:^CR.."_.Q...L8....t.0...Y..L,..k.T.4.........|.....~...x=.K.L[...<~...VG.K@...^3P....*..^7.R^.V.z...SE...M:).&.t.p.${...e{vh+.9..).....f.-.....8c.C._..W_2A.^...%Bi.CV....{K[...gl..t.:....OJ{:..o$.* ....c.x.<o.|........x]tl.G{;.K|O..P .W......"x..9..5.}_.d...o.*.TL...|.}"..c....6.=oa.z..3V.o..........m9.j.n/.l...9.t.....d....o......&4...'.1m........d.%.\&...{ED........hFP...Y.c..KW...V..0....'z.p.k...)o*[2.....%X.0.YO.i.....*Y....*...A4.a).....w.c'......5..5....^Gi....s.,..L..1o...........\..(..Et(1..'x.A...........wtQ....#p2...n.j..uS4w\...l...(...4......g.......D......r...!]M^.u.../.Z.0..*.w.c.X.wk..)%.B.1...s.;..-.`.,...k....U.T...K\eI#..6rf.d.......Q.6^i....4.......jX...#n..g,F........*.o.S.H.f.l.....O...;.S./Q...k...b...5W..8_*<wr.W.V...Mkkq.d..%.\.z[p=..,.SN..2)...gc......M...r_...%Z......x;.....b.p....?z.....;j...S..V..7l.(....u`...e5a..i"..FODA.;....H..S.}.Bx...G.A.,...N..3........E:.>.....l'.tD........5g8....;YNT.......Z.NoJ.

          C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.980501110464696
          Encrypted:false
          SSDEEP:
          MD5:DC044DBD85200ABDA75CC327164DBA05
          SHA1:50D90C7AAE239CCD2A9B4A21253367020D430E12
          SHA-256:FAAF2EE0753CCFA9BEDD6D90B1AB43EF50592083298D6E9BF09FA5787A295B24
          SHA-512:35EB91F926287E98BD1BEFA7227E0314CAA1F822C1FAD046EAAACAEF6043FDA42C7F294DB40661B569AC079898F406F07B234F261D6678DA6A412168BD8C611A
          Malicious:false
          Reputation:low
          Preview:.n.?.2...>!RMx...~.9....TL..}YA...B.p.b3j.?...L..qp...........-.S.......B...R.KF.D..(..t..@$.At........%b...0lH.........x.}..I....@>V.h$8..x[2!UlI...(o..a4n./....2^.Ws.......y...).....i...M.5HY)..AQA.6..xyU.$.<M..}.T.\i.A^..yMA;$....u..*..|X^..#..@H..6....%.CY.s.N.,..e!3XB..S..?.....q..).Y+..<]S.....p..........>$BV...<.GZ~..o.7*Yo..NJ........+<....0K.w...f.f.Z.F....< ..-Msu.o.Y.$P......y.u.Yoq2..+......Q......{.+.*.3......FIl<G.....@7<.....\.0u......-=..Z......gB.<...^.........9..`....8T_$...|<.=.]..p.O.t4*....m<H.E..t.lNoJ.$&.tP...\.a.NG.;.y...*.Ep...d.[....#.P.y3j....1f....R.`.A..tx.w....B^...x.TW.\..._......8............E|n>.Um.*.....j..^F.<.&......8(=.....L..n.A...X'.....(J.....=Z.....q...9.;+..K..kN.2..q.....9..I....~..4...Dk=V. JX..!_r.1....No.MP.)....@...)..A.......O....*m........h9...L.[[.$G,..*.9...Y.-.".../...b..X ..+.....L..i.!..{.=...:..7jkq.A..3>..$~...{..q.....!c.>...^...9...q.v..+.....B....a..y.@.b........#J...

          C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979285225638038
          Encrypted:false
          SSDEEP:
          MD5:6B7C8F90F3A5665CDEFD3A8EC8B333EB
          SHA1:A405757498C95DDA181062481D3C8E4428E814D7
          SHA-256:6A8192DA17B4B41498864D1D217F6CA55365E09E14FF6714D98EF811D763DCC7
          SHA-512:C1F0B9B8AB68F707F2FD74A44BF9B15D8FBFE491B88799902BCE256C8CC6CD392DD1B1C92A8F0CCE1C26D45F7C4E3895761C1F0D90A4B1B82608F719D522F4E1
          Malicious:false
          Reputation:low
          Preview:.....V#.&.J....K.....AF....2".-.#...P.s..c......vh.N.......Khkiy"..1.V...|.z}0..p"L.Px,..G.K.....?3{/..."6.Y..c...@P~g.<.F..8.}V..$.r...i'......(#)......yP.....o...R......].'.ez..ZI.kcy.,........2.....j..V../....3...}3.iC'...(...H..}.b8...:^E.a.e.....I...E.2...q.~<.....%.Ht.*.......$..,8...a.+..Y.K.....U..e..b<.hn9..Zzb..W..3X..'C^.....\.%Ce......5M.......1..e..4f..U........hwN.y.....T....d .W./. ..gz`..3P._cR...0..f.\C...mn5...6.#.?_..E.E...7.<....3+..0...o..+.g<?.\W...>tm..3........Nm....L....Z.&...O{.Z....%..f"..qz.q!......d....$.B......1...^_@g'...`.O.9N.....&V..O.}.2..C..a.0#..b.i.mu$.Z`..6..c...EP...m....~.E..O.g.........].6...q..;`p..z;...N-o@...c.N...cs/=k.6....._.IQy,.k#......Bv....c.&4.{j..=4q..@.K.<"@.bZ."C..t3.{e....I..q..31..@8......9....W.....E7l(.....}.C.....o.j.b..K.{ ( 0S.oO....K...$H.....'..S..c... .x..S..R..X..4.z.h&.O....T.u...(..........c..Y.......9.e.r....7.V.....a.q...r>7.......d.s.h.~6 .m...\Ft|.s.[7...5b.9Y.....Q.NA.0..=`...

          C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978708140674683
          Encrypted:false
          SSDEEP:
          MD5:6AE5157C099D07465BB6AE884F4AB676
          SHA1:C232801752822F4FC91CA9FB444B6166F9C9490B
          SHA-256:6B240AEE950A23A977D3ECD5C18178CBA249E76CE0F2DA1C3534C91136F6894D
          SHA-512:42DB5B00CC971029D1604CD5B4F70F2440223F8653CF50895C72A3BBCF10453EAA8CEE752C98217CCEDC0B0787B98A8D090C65F50285987C81A1CC8DE73D232E
          Malicious:false
          Reputation:low
          Preview:......d....P...:..3..6..>E.=WL.iH..]Q_Z..1..b8..V.....v...\.HpG.i........D.....$....S....jp.......m.w.r.]....V..........-...PVd...z.8..R<.......XI.....M.._.h.Q.:H.<.M......'.>.:m.f<.N<....&..s.W.....E...Ac.@.=..C]....}.n..G...#%G)+.K.<d..]..YA*p..>...M.m....).&...W..Kkn)0#h..5.....:.4.tvE............Q..4PB.\'..5......f..*.RY....D8. &.!..w.s....}..."K......7?..jY.=...Q.a6....;.wU}...i?.n...teJ.Wi...S+.<q...@.....d.T%L...Y|..w9...<_Nf.<@]5.T..L...8)...b..+.k.&....{t7...A.}..`1..R.rX...4.6..*[. .&*...G.t.SU..J5l.,....$....hSY.T...w.....I...,..m..A.h.Q.^j......GqY...&..^....;.Z....S.....&...f.........P...8bGp..R+..z8.ye....9..n.q}..5......m..OM.....-"..FP....g.,..M/.24E./.F.......[/.&...5..+.e......b9...iw`.S...8...S.4.G.z...-...9..5C.-....-.....4VK..K..d.J{...6..9%...a[..o...!...J./....3&...Y..~j..X.\..|....@3&C..b.Q..e*g.....M.pu?...).................v...x./...F..4d....(J......J.wz.U5..l8F/}S.s.h0It7..>.\.}..?.2.j!..f......Un...T.....M.<..w.

          C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.977471465492943
          Encrypted:false
          SSDEEP:
          MD5:EE22BB2B9C132C1C6C686BD1C4007DC3
          SHA1:6CC5998817438FB7E3F177D5DD55159F571ACD46
          SHA-256:3E61B533D5239FF785FA6C05C8A1C4EEDF6DDCEA3D59415B5D00D7E4AF4C0CF4
          SHA-512:131BE6866D5F9D5877D4E95B9C4107987E709CA077BCFA9FA61EFCE16AD80A8EAC11D822B25709080035126AF15EB6813B98359F66E82DC795E90B7A21490775
          Malicious:false
          Reputation:low
          Preview:.~..L.{..t.aS.I.`....`..5..."d...V^..<..]%......?.J.x......ZAn.....OU&..E.....y......AP..EQ.I..p....u.....P..\Q..Y...........V...r..N.=!@b......w<.F..k.AI#6C..<.[..}..F.....r:..Co.J.....K..$|h..K...2z.....Y;W..D..B.?..7..x.w.l.3PW.....{#...F^\..k.....c.6...v5...a...A..g...K1..d[/......y...].....R....<..s..z..yz...="..,..8.v.H...n.....@.j...z.@..k5X`s.vxh...M:?t....@1...S.'qB..s...=....U^.%..2z@.....!......M.......?M.%.iE..._...#......u.[tQ..K.....x.J..A..%c.s....?..].o?...O.....`A..*.v....[(.u=...}...{...B...y......`..In ..a.....p.r...oSrG.v....I..r.X[U.9........7...=.r|(.....+.}jV...U....z..h.......<!!...._.(..<.5.Km?...;...X$.[..V.@.7T...(u...9tF...;........i..[....h@.j.^6...Y.|.}.......w..B..$|.0s.0..u,..d.br..FRk..Z.s..(.u`..=..a.3I...R.."..3.../V{...3H...Hv.T..K...t..Nu..QW.sI...<....5p.q.U.......F.>....o..-l.H.S....hl....+......O.lE(.B.'.,e..3..Fd..q.C......H.,.5...b/.j.S.E..,.=....R.G..F=Q"..Ep.6*7....".......9C..x.7..-.R.

          C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.981351292474014
          Encrypted:false
          SSDEEP:
          MD5:8B6EF6D62BD4169D649E02FEEA4C1006
          SHA1:E72986714C98E5E1C20D3797D57863556C8348C6
          SHA-256:F81A217FBC0470E19FFA2F62AB6E8C0DA77A6BB6238DD33FA8ED89EBD01DEAF3
          SHA-512:7F4B0382357318F278547B9A99FC1661DF2F5214ED4828E7F59AE862EC51102B4B58AEAB35CF2A4EA67668A77BB4F195738E15A741E955CC77AD98D4DC186B68
          Malicious:false
          Reputation:low
          Preview:A.{7G.{..@_.r[\..\..>K..."r>.9.d.y..9J5..r..Y...~.........?...I. R ....X.;..,C....A....q.b..o...A..2...Z...!.."..n.....3Q.:....D.xi..GD...].$|.C.J.T..b.ti....m.....5.U.?Z..>.Y.........j3..|..j.iZZ@..9%.@,.....s..8g]*|.?.$_D..=...........C....l....v....k|.!.m.Q/$a....<.r@.o..>..7.a.~RVKQ.:....+-.i..sq....O.0.W......A.^Or.....2..|..q.{].""r]......l.z.8OcI.<.Fm;).{gt._....R.>U.=5/...'5fO.~..mX...h.2.EiOq)-...tiq.x.7.Oy.*t(2SF!@....>...e..}$.x8..G.a.a.@.AU.d.w..........wM...[.......O..k.....2..$U.a...h.9!E.(......'....Z.Z....=....]..0.~...}*...}?.+M.....n....y.Qm.q.<.C|....G..&,...i..;Xg ...]e....9Go.L".]..].R]..$.^..t...`hgK....f.&:$.....[C.x..&.^.T....u..B..q.c..-..`Y....S.&....5..]i..-...,.B..k3.../.$B...S..5.....4.b'2}=A1.VNTQ..K.......,s...1W.vln.s.....y..5Km.e...~._......?..d...;.`.....T.AF....G....n....+...jq.....M)s87(..o....g....n..Yk..tsc...{..>.;..9....zi...........}.A!.9..};..*...../:.|..%..,(.1...6......O....9"^~....Q....

          C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978357742554605
          Encrypted:false
          SSDEEP:
          MD5:16F8DB6176B68E07827B1B1B1FCD2A68
          SHA1:E8FFDBD5BE36673B49998254089B74DA80FD7C39
          SHA-256:53359D058BE76A4A393076933F73F971B506F6949CD3B483E9A2BE3BB031782A
          SHA-512:F8585B0DF1E0074086F248D425117ECDE982174A1732F98C0017AA109F460FB0BA1229396B21A0CAC30AF88DED8712F2F9BCD83B14BAEB906B673CA193CD8F1D
          Malicious:false
          Reputation:low
          Preview:6.... .].8..8(Q!.=8.d..M]^U...JnT.V.z{...;{..+.F....K_le....."....=....~...~...c\8.J.m.:C$Ze..u.........U.. .V.:..c....X%..........&..;w....M.U.*.e.f...k<ij.@..'......l..$.....I/...$....E...=*.....X>j.W...?+.....~. ....~.H.mvXW..?..Z._:.....VG.c).3q.u5....K.u-...{..N...;T.....L.XMYcW.L.!>...../C...!..H.e.6..7%.r.3..@.2...E.....)n.+...]...s.....S%.!GN.G.Z....d..o.O..`......].L.X..?s`....u........E...#...U._.p..:.F...0aC[.h+B@.`.B...O._`...M}.."l....wS4k. ..A.h.W...8..zc.a.....@.7(.gW1e#;.......j......0..$2KS...+w.....A....3.....`..*I.......-{Z7=J-1.]....8.&r.X`.|P]w.c..=...XN.O3..~....o..e.\..e...#....ik.k.Vc\...RE.{i5.y3...l0..B.\..F...d....1u.p.g.wrw.m\D3.`B...Z...2.7.J.~.]gDM....i.+-.......0_b....:...64?~9`..C..p..u.X/.....\7..]......G..:.d..(.....Y^.1.p.>!p....D.....%..~./..v.\5..~..`.7......5.6Y?$.^.8y.....3..B.FG/.Q...(I[?....&.....9.....P..............1D....{.eY....V_..:].....x$..S..v2...).."...Q.h.Jo..yF.<$1.Z...zk.].~.(j.

          C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.976358866408801
          Encrypted:false
          SSDEEP:
          MD5:89C204F5DF80B5D82B95E94DF272E8A0
          SHA1:15450726817F35E0D480B38D1535D94D910EDFAC
          SHA-256:1FE657547DE67A0FB8A0E82653BDF1BE0219F261283971053446F0283CBE0145
          SHA-512:67336C1C7F7037A9EB3FD5012C03FDC54858AFA08F0C2CBCE418C1A25C64E18856FB5384123E4E015FA39590ED5514952828E8362F4384CEA69E67EF86F99B75
          Malicious:false
          Reputation:low
          Preview:.?......\...'.........M.h..&._...J...DHp..%..?y.........uX......Q...+..................7`.RF.*..1TY..........U.g....Wz....!.pnj.1..o.......:WN.JE<..$....@.....-tVw.Hg.g..o..c..|.W....rn..3..b.X...J....k....l../T..O+.....h....1.+.yv...}#........\.sJ.......[.>."R'(..U......"8.L.uh..S.g.<....)..1q.......lwg../p..31..2.w..2.B...2.Ky..|..s..MV.o|.K~...-..3....wiMZ?.{a::b"..S.l..q@=...d..8.')..W..l.....#J...[.....lG...i...!o..w%.a.K`.. gCa}.......q.....{.....R).R.0e|.]]/.$:=...`..].J[Z)}.F|.V......$..U._.h..~.pd.I........vQ!|1...V...d>b.LGb.W]5.%F.....].RZ.n..S.......i.....1ozM.....w-.6.......Hu..{.. 5.......j5m/y.p...........9...=y .A....;.S.J#.......!....Y...i...J...F..f}RtYes.X.@.f...'....Dl....;...7....S.Cm.].4.XR..C.....P../....c..H...........J....'.g6f.......:..E....J..!w.P...%....M2......F...zb.G.a&u.W..?N.#jC.~......1zS.........VL...WO._.8U...3...g....V....k...h.p.$..PV.'.....8.............K.km.......9T......J...[.......b

          C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.973615553611563
          Encrypted:false
          SSDEEP:
          MD5:BD20C62EE73CD435FF258FE97CA0A475
          SHA1:8944A1DBACF9EF851E1C4A5AE185929E9CE83108
          SHA-256:881024E67086214C0474AD0EBCC1581AB3B925BA9BF9E121F313B26731BE5704
          SHA-512:6CF9967D42502257A4CC8528421687CE621A6836AE185A12C60E29206BEC57F83651EE7D0C28BB46B62B33F58C5EBEED11E22EA7000055326C96F8A7A5E27291
          Malicious:false
          Reputation:low
          Preview:.h*..X.2%...X.a.<..t..$...........(..`v.H...".....#6.....q..\#.Vy.[..0..[.T.m6...._?.|../.I....F.^i.T.q[..cX...(3.p.R.WwWL2e$..zY.A....^j..*#>=.,..%....0......k...3^...#$I,.=;..F.....Ju7&`.....%E#.@..PQ.....b...+@......I-...#.Yig=.....K..|Io@.......1..|.g*d....B.4.d...\..z./.K../....9.xX6;h..}$s.U..>.6Znc...=.....u?`V(w."..ki.3.....h.l+j..4.]._.....$...4......h....x....f.o...!KN.....lB|.H.3t .....&."/..eAG.x...q...?...^..%.}M......S.w..#xW....6P..m.5.:^.D.b..-p5;...U.=..#aY.|q.Q.."IL%?...'.c....s...t...f..p.a........].. ......z.?a<z.A.:z.T^.'@Lm.b.(v.$#.%..f......;.w...m..._...{..,.......\.7...6..:.`..=.."..aq.X=.B...]....KHP....b....K...$.....Rt..+..(......gX..x.....N.'.Fo...l<...Rls.m.......fZB...hfSH..x.....7...L.....a...W`..o.rr.$.J:M.nz...~.[.....R."8.'..@.Q..=..<.l.....w.....jK...a.VO.y...(..yF..}...L.* .....ZE.i..l..`... M.e#!.;y.....r..Q..Z.\#."..&...K.i.......\R{..j....1gc.B.....N.. $=....#.<....!1jM...Bs..h.b..:#.W...~Q..R.g

          C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978673597451501
          Encrypted:false
          SSDEEP:
          MD5:9B3B7E1DE04AABBB75CCDF7D515FBE4B
          SHA1:808BC3EF060D01CAAA3923AE90E18FCB007F87E2
          SHA-256:7D70EA8AF641A9CE35FB45C6779454C4383AAC00C38D9B197AA8BEE28C09A193
          SHA-512:DAF4A25396126595C6E84D0F898E712D6CB51D903B1E0A770641A7FB864220BFDE15022292A8FC904CDC32D412350F83972052DBB70631A2AF8F73C025F01916
          Malicious:false
          Reputation:low
          Preview:.@........2...= ..\%.D...\..Z..y...M...".l.PX.....(..j..g..t..K...b.......&u3..>|&.K@.yb...6..S.,$h.qS.....m._.3.q.....G>.N....X.F.=.....6.....Y.B=M...5...R#h......x8......=........,..#..o.^...#O.g.#.,...ATX"vV...ALn...}d......[!.,.I@...W.5.H.Tn(..2.$.q...........O...D.v.....6\k....cUZ..eq./...Y.../.~.x..k.)^.%FX.C.}13p&Br.^..tD....2...^.............Ta...b;[+....O..a.-s..DJ;Y......v....n2B..v?.>...$.y...9[}.....kt.%5.Le.&.....h.M.......JB...-.2...jMD...).n>&.Mb.`.B.pm.u.Ud.1..%uM..\..6.'.O.HUR>A....(.$.M0...I.U.....@z..L.....@..E.[-B.j|$h#...kh~.6...b1.=Y..T...e..r..e.>/..K.i}.1.H.T.8..T{j..#b.n....Q1*....v.|f^1z.. ,...V...y.QJ.....%.'Iln0K.o......3.%}T.x...<....A.R....a..<.l..Y..C.cW.{&4..'...#.i~..Aoa.s$.r(....3\O.....,G1...t./VI4..2.., >.......7..h.,Y].){.....m.3.0.Q\R.c.....+..J.]q`l.1q...u/.;......v}5..."..H...b...yB...n*v%F.me.>WS....7JW.....ew./.z.......I......oI..t.k5`....u.......].Q........Sl....h.qB...ChS.J`...@...3M".....`....

          C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.980140456399002
          Encrypted:false
          SSDEEP:
          MD5:5DA5D103B6797F629C18685D5E2ED574
          SHA1:0F8A26DF2A265A1B057073D512C6555D99B275F0
          SHA-256:70DA8473B27002DC1FEC051FD7AC90E158BA00A7C09EA94017A35D3831E62DF1
          SHA-512:F49304A69127EE9D41E01C3D1D4C95108EFA27B5618B6A9528197CB13A7F70FA00AED944D176AE76DC920EFD8BD57586BA881AB2A87A85B43074935D6E2978CF
          Malicious:false
          Reputation:low
          Preview:.......iTt..#...d>...~.=c..55.0s?DG*a67.....!.z......@r.g.....9.v...Df~.......t...P...6......-..@R.%../)...j[..9.4...Z#...J..5.D..H....n.+.........Y..x...-.AHl...K..tF...`T..0...n.8.4)M...i.4..S'.PH..b_.T..a.4.R.....a..'..!...4...........o ..`.],........V&...<$D.d`P.D.Y.... 6.U..e.#p.....I..d.L5.5..x.....e.o.....t.aI..q.[....#.3r...\..e]M.....e6.AL;..jpZ2..)Q....P......}.u...l....v.).*Z..3c.M......s0..:5s.C=.uu.:B.....o.b.hb.%....Wy .<..Pv.5.%&C..YzS.e.....d\d....,...l...i.s...C...C<...<dK..."N........"..dF..&..!.....7.$".p.%..C..9.I..d3..[.;...8.m.]X=...H.4.N.KGI<...q8.G{..8.K.cA.7..%.'.....t!..J...r..*..j]=A;.Cf.~.K.W.I.Ce..E+..b-HM.>.C.C..8...^.....c..w%.DY.m....bMU.&.s.8.6..2.im.hL.^..g.FE...G.!..>6...........&t5FU.;n.~.d65......S<.D.m.}.(6.l..9`..:..u$....4=.{0>.......F.3{K.........F.....q.x.R..u$.ob.BxD....T........US.y..4m....E$.b...%....T^]..3hO...sA.,.I;6.........M..\".2.7.x.UB.y.,..........]..3k.$`....$d...op...-...6..wi.y..<

          C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.97788609739631
          Encrypted:false
          SSDEEP:
          MD5:1AD0B6F973780D2DCC0004DDD01A6F37
          SHA1:7E6C2AB8D05CF1EA22121D57D7C96B3624B57D97
          SHA-256:F3F91B06BCB30A2F02193C4D3578F0AC5CE54BB8222D8C2F012D56E690E6D1F6
          SHA-512:9BE4C2E760BCDA76A565DE1A44912D9D5E649FD2C6A8122C28E3BFB76E7028E79A75BA7C56D4C003170B0A76E6E54155CFF9FD422417FF00569B3394A98BA4D9
          Malicious:false
          Reputation:low
          Preview:'P.....V.R.vq.k.:ub..n.....qv~u!.v........~..[.b...=y..f.n(U...J......Q...BM.A.:=Y.z..i7..Y...'e..l.........^6_.(....og.7x......... .......B....)..t..0h...Z.a..).7.p.T......L..Y,.X.=..Z=,.....zYW..C..h.6.E.L.Omt...K.......(..OI..=.z..j...{...F...K.....A.RM..f.>[......iB.*..G.5.....rY..77..>q.^a..GV..+..G.o@..$^....^.....{..c.*.aYnx!H...b......r.wV.u..>...P...jB..j...(........O?E.s.k.EJ.9ri...g....$.kX.'l..@#......'....v59.g.J=P.%K<cg.`@..t0......Kr ~.l.?..z.d8 .<....YO...6-].Rd.[...;....M.)&!...V~.+.Q.T}.....U..'.......u....wl......t.B......=I.5...R...*..-..>._f?.k.|./..$g.2...<b.H...7F..1..H0...Q.P.O.N}W..&......QT..D.X....s.I....+.O.._*..r)..7.<.x......!.....y........;...Jo).r..E.....K......[.......M.f..%.>i...th<..,V.....Q.B.3.p....}....>.b..*..0.a.G...(...i..M.........)..&.&.t...0....yWHjs:R.m.>.s.-gY+.+g1c.u}..2R.H.....k...S!,...@.|<...G.....l.]...d.dQ...!6...[.OL....1...../M.0_..........i./)WRH.5..bN.Q... ......

          C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.981121095723926
          Encrypted:false
          SSDEEP:
          MD5:2ACDFF8A37E1418B7B49C73E624DD8A2
          SHA1:822CCB013006B1948F8660352C444E151A1C82C3
          SHA-256:29366C4B90EC03139A1FE7E384E2B973CE40118300BBE61141DF9894AD779408
          SHA-512:939CDC4DD1D55D9203BF28FDA7EC15AFC8CB9570C884C5AEA7E4F931664A6BC2CC188AFEC4D44F2A88D46C78B4C6D27E7F4F059BB61911620654CD85385FE6A7
          Malicious:false
          Reputation:low
          Preview:.I..K.w8.a........1'....f.......#M....p.aL.{...P.....3P..2.1.f. ...........6b.E..NV.....j....Y.>).';.......B.Yg...&g..aA........?..;wj.`3.UEB...j.!...Z{....8o.f..w.gU..$...i............6.GE.m#.|.0_=.l..h......v....N.(D.a.(..;....K8...H...........M.........h..!]K..N)>B.....:...)H.....;..28XR........,C...o.Ku*"...e..v......A.l-D.GL49.C.#.j....p..$....|8..$o.5.....9fNM.$.........).._K6ZK}./.dH8.rR......2.7n....._...O.]...a..4y.F...5X;...A.....x..R..-.-.....Q3.c.>...&..~n?Y....4...%.U...M. .(..z1^!.o(.vZ.i)....:__K-..;/....OL .;...s.....Z....3..W.V....,..>..h....,.5#..M...kR...*..v.e...|...5..Vm..f.......N.$.....'..u.....D?.*..3.K.#.:K2l.}.........v..4..E4a.}.O....8..!..V,E{...aY~M}....4.....1.{..ax<...@i..].<.E.Mlar;t.d&.D..K.... ...E.s.E$.l.(Z..n.......v..i|@..G8j.."l}..rn.E..).q>I.U..O...1..xj.*k]......:...r..5K.....R..z:...&O.PA..W.nW.L.-*..G1C2wa..%.h<........x..d...(O..tY.....~...OU.Y.........W.4N.....>k..9...h2...(...C9q?..

          C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.9742758466830885
          Encrypted:false
          SSDEEP:
          MD5:01E133A6E507A354AAD5FCA0072C50E7
          SHA1:E1A773AB640C33503EE4CF7F98A0523F446D5F45
          SHA-256:E1512090F408C3C37FB17FFA6892E68693C0DBAF5501D9C897E804F31BB13438
          SHA-512:D766CF5B0C2503ED4A78F7FB21AAAED054F8B773E8E825836A174ED9FA822C4F4FAD1BE4BDBB630F845574BD68F0F3D2993FA8034EE4919371E93D0588711B8B
          Malicious:false
          Reputation:low
          Preview:T...$.....v5.X.{.o.=.f.e%.9CO.....j....9C..$zs.>^.<...p.MF....gp..p.`.....;.j.,W^ahd.?4.Sy..6.6h.Y.3..... .!...x.*.s.......O../I.....0..=...By.lI.\.9'.....4.c.C..a~.....M..I..DuAy...S).S4...[vs. 5..?M...:n<.Z....M.a*b.#+.!.4.\...\.....N.qAk....3p.u..`?.l..2i.[5OR=V..~...`...C..Z.K..6..$...`..#6..+...\..h..@..j|2ZSe'7:.....l.-...4..?V[.;...,.....s..,5?..H..b2.7.H.I.._g.........T...t.#m...l1..f.GS\#t7..C.:.GzO.{.....'u.v..<..^..u......b...R..{..#.I..x.T..c..6....8.?a}..Q.........j.u.x....z.:Wd.q.b....K.....M.=y=..v%....}..e. [f....xa.Fs./.2.3.k/..[xp?....."..-.a...-f..2..nJF4.M..&:.).`...4qf....J.W..c.=.....$j].L.q..t..J..<.z)....c.n....%oj.....r.....2>...O.=..O....~w.R@.4..=m'..A'.......A7.y.....t..Gt.o...{E.!J...,.W.....7....h...E.....Wg.Z.......j..i..b.D....o...M......N ....o.[.....S*.c....Z*...i..S..20@.M2%....<..f2.v.....~D...2..@^e].p......D!.O6XU.?*8k!lO/-^.......1Buk...w..3D...?.....%....i...f.cwq..2t.M.....e.lfZR..%`....s..5...+Jg.cjY.

          C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979221530384364
          Encrypted:false
          SSDEEP:
          MD5:4147F2160EE11F5EE12835E175387BE9
          SHA1:4FCDF47BEE85A32313313AC8F0FD246E61DF251D
          SHA-256:AF2791012056C4FC670EC61BE0E0BCFD911DE33A0FA9086981BDE81C3BE24D1E
          SHA-512:F7D1B0242915E75893F7DDE68A603C9DACA5F225DD3CD204D8E2AED717B967F035917D7DD6E013AE8EFE8514F95FE4510BEC6E0701C9F5B94D15BAD9AC9F90C8
          Malicious:false
          Reputation:low
          Preview:.8u.w......Z......) ..`fN....ZM.op.#.CL....9b.r.[...r"......c.s.."..z..Y%.h.....N....d.@*.T........Q:+..C.V..|E.\...,..)..9u..JkeG..X..KL.......H".*..l.&U.`QJ.B.r.........v....:.p.(..D.f..DV.....K..,@....>.h.]..u+(.&....m.......>+...T.....XN.......~.Y....t.."/].c...%I.l.^ed.......+.RX*r@z.I..@mOT....s<_...r.z>J....A..P...o...9...v.c...5jz..a.X.S.de.iH..G.... .. ..-C&...~.L..].F.x8J^P..k.+o....tI..l..R...PY..........?..~.U....qNA.....z14.......E.qzEK].^.b.........K...".....<G..f...:.:F....u=....\...nPa..l..mw>...CT.....l..V.....u......mU0...G6S..-._.E.II.{1.*JV.}.....qP.....:...C......Y...=.y.0.....`..k+)....X...=h..nD.....q........E.....<y}!P.....k..!..X..@.VR....2.|....*D.=F...'W....S..`.xH.{..T......#...a.weM.Y...gS..;..P7..0..;Zu./..v.~...;..2.KV..xLOFJT.D..|.h......E........]....h.....m...m...T...7..u$.'..\..1[u|...=.V..........p....A.A)Y...|....G.B._?2...|.m?f.?.z*.T.f...H&..S.8T'..........@..&?..o..eT._c.I.+.b.\.......A..

          C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.977675133350097
          Encrypted:false
          SSDEEP:
          MD5:645060F0ADBC833F2DDFF7D981EC9798
          SHA1:589A90D5C2AE2802FFD3899C6C842599CB600C24
          SHA-256:643A5F4A7356C0DB5D431E3A249FE4FD9C9B9A6F75FCB453C1F09C75226F035D
          SHA-512:0713C6BCCD061C075AE4FD9CFAC92DF0971883CF8CFF0CE48694E974D050926F012D3577A64F12752573D58717173AC95FF568D8CCEA8A478A35220A3BD3E67D
          Malicious:false
          Reputation:low
          Preview:..9...].h+CJ.r..WaA....=...| .Z.j.nd8..0.nS=....r.w).,.w8.{.C....cp.-(.y..........1..fse.....r.....~...,.mavN....[...q1.Re........V.zp. .l5v......6|I......l.NJ...!.F..v.P...8@R.....F...8.f.|..".n.:(v.f.!..u......u4V.._<.P.8?.7..:...U.f?U.*S.... .+..k.\.y...zo......o#.Kl5.$.~^W.s.J..f..k".(|.x$...... ...f.D...t`..NAmc...O..).9.)..d~....hK.f*./.-.X..>.\#*........h.}....B.8.oY6.]C:......D_...J.H...'..a..H...B.3./L.D......F...6.$gaL&C..>....._A...._.....J........_^s.....1........;7."/E.A.%8.\V..9.!+.zK..>..}.!.%..A.^.la.......^..(t.(k..~r....(Y:..O.A5M... u6?...r..#...0..>..E..a....f..:/V.....1.90..).\|7.._..E.w0...d`W.Y..t...[L....n...)>...<?h..h.....^A.D.p...` ..\....l..i....|7.o.o.!....B....&;!..G!.=...&2....h<..C;.O.E.T.c.4...^..+.K.."^K.qj.-6W..J..0"...6..).t....G..<2..@/..z4."D...k"...._._.>.l.xNx.t.<..X..... I .r.WSf.z<..t.:..v....;......h.}.+.....C...b.W...MMn.]...\... .y...n........I#.b.Bk.W@Q..O.b...R......v..`.r.@.2.|.\i.'..

          C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.976499085700996
          Encrypted:false
          SSDEEP:
          MD5:62C88DB933C4FFC283FC09E36D252713
          SHA1:053999891EF9BA5718F61EC545BB2D89244AED88
          SHA-256:A119E2EBA0720C875F81AB4FA65E9A04A8239AB25DD4C0C595F61653343F6DAA
          SHA-512:5A2AF5B16EEF9783200077BDFE23AA9D162860E63D93D9C86B542BF631995FFD29273166A40A22D47A44460219D4132F532B528F233334FECD01FC88AAFA18B8
          Malicious:false
          Reputation:low
          Preview:.._.D[.-O.I.......p.)......~2.jd<....\..O.w.b.(......l4WX.g...P.'.9.....Z......u..LYd...$_v..oZ+-....s.m..^...."...S ....ma[..'.9t-#..z.m...Q..2.z.....n......C.s.....)3..'U..?#..j.%.w.PI.A.p.]..1..K.e2.^{...j.d5...7z..;.`$...v....H`N....n2.z.+......dwX.r...;.,.U@<._ .........x..9?.r..b.Q..J.......z....V...AG[..A.../..F.T..(.^m..K...e.TxK...F......E!...-m....G....Y.h......mZ...........&.5..)y-...W.5.%..9..u...X...^....J..4.?B.....5W.....D.}I../..b.*.ufA..~.p..{A.(...z.....kO..U.c........d.+l...6...N..+....^...N..~#.!...".?;*......W.k?.c... *.[..K...[>_i..g.yb..S..C..u..A...........B..H9.pO..h._7...eV.....Nb..kv..j,..(....N.<.Vf...Q.YTJ....L..,..,..Zas.;..Z...81./.4.c~..<....7.c.TA.......j.n4...!*.b...s\.b...=IE...sux.RI}.z.....'.rd'.x.M/....8.}...V...4O.....~.X.x..0M.Ax....r.{B.R..D7.}...}....W..%-"........].9<.......3.l..L.v....p...W..]<EZ...=>...w..F`/.rF...&.W-.c...m5...A..N.....K..'.....n.t$...R.W.M......X.F...W<.k...y..c(.=.,79..z...-

          C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978123098699669
          Encrypted:false
          SSDEEP:
          MD5:5F8651EF7DBA1A62D0DE839E36EE407F
          SHA1:2F742A66284C7621822056343C6C777DD59A38B4
          SHA-256:C63AD5B9AB036852048732DB044098BE7C6AF1C847BA44E947414C16D121FA05
          SHA-512:57A3C38B20A1040A4A62821805F98B077D9D72B275D154AD3B21C96A8C8C272F265722C37553CA2F611400240A68EEF7ACDB4736B751B16E7D4AA286193D7AC9
          Malicious:false
          Reputation:low
          Preview:..n.T.J...&..-.9.........l.<_...V(..M+....M..L..k......(66&.....k..x\6./.O.c.z).>.-.ae.N@O..|u.e.n..TN/.......'.......[.G.).a....CML....m....n*C.}.I4...8.&......7p........{..-.[...Au...*Dc."X'..?.J(....BV..#.?..s.S........C^d.^..J..KU.:.kJ..z5R..%."b+J4........$.p..3.p7"..#N.?...5+.J*C@.G.]e..)(8...x8.`W.......(...xh...i.I.&.'...ZQ.u....Z.o...<.+A% c'.)Lj."GV..7....".T.p..Il.j<......O....>q...,..Z.....p...BM.[......y.X.R............(.Yg.:..`.~2F..K.u......&.nF:....p.O....4...?e@,h.g.BG+.......qW&[.j.2#..9X.....%B.....%#.L.a{P.N:.-.`..1..=..e....[.J.K.....l/....Rb.D...qHE.>.wR.u.w..+..;I.$t..p.d..J\xF.H..,.....)... ..@..q....|.L..&f.4..Yr..cv.hZVK".^.....-G#i...........jR..*...[..}...,.?.p...H.P..!.#..|...P..px.....^/;....7(..y|.C..FJ.WJ..z.r~.)H...B.....\...e-X.......LEe.-..f.*B..:..sc.0i...V'....sQ.V...H.'...sJl.L.w1..UP.N.8.$...3j}p...T/k.... P.x..J..c...1.C...?..1RAa......8.......+....E/..o..G..._....E...u...0.x...E.3P..x.(......$..`..'.^..

          C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979865542834305
          Encrypted:false
          SSDEEP:
          MD5:1D69EC4DC4060B249C1606DCE17E00B0
          SHA1:80E53A5F9FC80F2CDA530B4D4B3087F0AB29D52F
          SHA-256:ECA8D11125D364501419B119C8FB73D0FF59A9AD34169BE9402DF0C3955A5009
          SHA-512:3C87B6AD6A99D0D90110CF66F369E8EFEAFF4942D7DD5B6621C02CEA7FB82EDE2BF1325154BFE759CDD0C4EE189C17F4E758FE5004D2738F68D6391D4928A3EA
          Malicious:false
          Reputation:low
          Preview:......+*.......9)w.@:Y....v.j...f..'*...d+..v|.i.....p.W.R./.M...."#..7U....dX].S...a[G....r.|...A..F..EEmy.(...h......^............E.M....y...(E...3.lLv8..IK....~.".U5_R.7...4.Pol......2........;.a%.+~...Z....1/..K.x?x.*..i..].6:u.1/UX..e.x..&..>Q)WK...nJ*Ph.7..*}J...^..X.C..u>?KT..!.................cTh..OR..../..-..O...x....Si..'?......[.;....:sj...r.Pd.~(.`.8gS$..)0K....M......WIu...S"b.oo.....&..1.N1j...,`.kg.Y....Z...+..:.mB..C.R.p....f^.L,.....pr@..&..a).~..v.....d...J.%J...#.O.....=.4.y.q...L~..2b.W$QZ.'....z.._....R~.b.m...4.'....7^z`D*,I..._.7..l5...#.....`.lV .a*...7!...D.E`..k....V0..>vg..6kf.....`.&.z....BF.........G...I..#.+c.qA..>.^.@.2....Ix.^"..S>.,'.....=......%...j..0).2G....H..PT.8.p.{...?l.R....^M@.W...|..K..#..I[.HT...7.{.....&..tK.tP...ZQ........MDCE>...n......?.~.Af..V.;.w,07Z...~.,..,.2..d.$|.\E...-...0......k%...'.:0....}Jg......S...4f.......U..J..........}.Kbt.>w...J..I.;<.. ..=.s.....d.0....+.....&......0.z.Q.\}.

          C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.976784717357059
          Encrypted:false
          SSDEEP:
          MD5:BC891146760F235F985AD76D1A5B82A8
          SHA1:7ED14A03E7E1DA8AF7FCC5B81A35387F009A47C1
          SHA-256:2353B031B0F7E5A166F5543D061810D46EA58DA0B382F46DB7D1812798208D4B
          SHA-512:6964E2472D54968FD9F51E80B1FE561F59DB87D111A4E9E3C109BE9698665C7F07863EFF8C9669A98D3484766EA457B57ED3DAA21C9BEDCE6F76871CCA22A88D
          Malicious:false
          Reputation:low
          Preview:.5.....kxR.....>H}.!.....`..TQ..XH....uc."N..G&K;.<.&......+E..{}.+......S0y..5l.&\....||..C..:....w..&b`'..r...Q1WE......)R..v.8A....J..N($.G..a_.s2A.*.nNg...X7.~..e%..[...p/'.MW*....q.^.._a/.K.O.l.....k..T,.."im.............;..o.... .x.f6..X......r..f.Ah...e.......{KN..U.+.......K.V@i.7.B.....?.. ..,..Ej.3...?..pn..%.I`T..~../8(.......D.l..h.r*0!.....$..;...$Z.F.i.C...>........i%.._.....N&V..7. ....{a......`...d/i6..g0...{..).....b^mHDY.z..Ra....M.......T.Ge..R.M...e...\(...!'..'....o..p..b.=.E.(..D/]..}.....H....`.S.X.R...44(..n.g.K...m)x..,......(J.a...!.:.Ge"..?.y.)+.nb.g.d.D.......}#....F..Y7.;.}..x..3.F...F..C..'.|..K.6...Ht.c....}X..6.].<<{..)<.:.._.:..j...G.9o5N>+..p.......K.d..-.....H.[..+.........eD..?H.V]....|*7.U..m\.S...X......<..gY....6...)>$.aJ.,B.K.K;....oC3...xP.....8......`........[.........uc.|..%q....yF.L...../..a.(Pr..UK......L..m.h.........X.j..X.Gjg...h.;...v......g.gG[ps].8.K-h...@..4.Z...I_....Q.Lg._.C.!7..`...$R

          C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.974628273721954
          Encrypted:false
          SSDEEP:
          MD5:528FA024513D9FD7AF5522ED2ED4BDAB
          SHA1:1018F4746FEE53CFF31E70FFDDDFC87EAE90E60C
          SHA-256:0C481AFC274EA1A7500BDE5046C163277CD2735A6864BFE54351CF5211EBF0D3
          SHA-512:51749692429EFA2C3BD4F4F18EA4AC443E77C2B8E77B48C3C2950C37FCE1EDD3F5996DE666DC61E514BBABCA144BBE02844ED095CE91AC883AFCA07D5F7A4A7F
          Malicious:false
          Reputation:low
          Preview:B...Y...l..Ia7.VA...~.vR5.?...L..!..?`..o.qEw?..9o{p-...*....5...?.r....w..b..*..s....{%.+.k.M....R.Zd..8M~.e.....u.m>C..Ti.}.p}.[H....k..S.`.}.....s...8?..D....T0.t.._0.....m....O.Jf.D..'b..."...u..M{JIW;<.......[.5...r$^*U...v..<....r....^..i.p..;*...T..7.R^.=..M^....T...a....z'B.@......^.K....2..y....c........=j..noO.......(9.;.....1...Po.....$.#..]z...+.y.iBAa.H..}.k..b6....$...$.+...b...(....3K.ae^...S3L.H,A..x&....1,.K.......!.y~R.."1..8nr.....Z...].t..;AX..%.l..^5.0..d....}...^..r^"Y.`.2\....w.>....z....[#.=....S.1...n.G.H,.AH.0)...Z6v.K.F.y.~voF......6.n..!+2...B$....4.RmId....qp;....E..`.w..+&......V...e.1.,.Rq....3k....l66../.C.We.:.s.${..e7.V.a..sus.y=:. ...+...../..)...?|W."^..?..J|:...h..?.....?Y..d...7..8..<.n..h.\...Ku.W....D'.......'.....>t.O.N.^'V..^..2xVv......:..iS...@n...\..W..]...i.=!.....H...G...B.t..dn@..p.^...G%.....Y...ww.?..2.`.2Tk!..n...R....}._.......6).5....-p...W......p.T..OF....LwM..y8|...X..I#7.

          C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979346813799337
          Encrypted:false
          SSDEEP:
          MD5:3F18005BEF1A8C72EA35C6F99CB56734
          SHA1:CA09F5EFE8F256FBE12D75EEB6FE6246DA63C0E2
          SHA-256:902515C894409D959F7D9A07F86C8E1919CA4119610AD3B3F1A5C0C75E8A7607
          SHA-512:2F40626DFACBE21A989FAD976FC093AD36300D441287B0CC53B0E9C9634CB33CCFD4F08CF5DFCA5D55D30A06EB9D791F47A329550F58EF61891A141DBBA955CD
          Malicious:false
          Reputation:low
          Preview:-....g<HK.<....Bi...V.){._...&..I|X.B;..}.>.&.>F6C.W.b.....6..M...]... ..P........^'....(r.CV..^........W5w.v.%...e=H..ISAz.t.pj`.f/A...Xd.o..j.0.k....#.zrm..\...T\*_.{@..M\...A9..4..o.....;O.U.4.g$t;..0.!....%<...*..4X.Z..E...).~L]=:.7.....Y..#..".B.+~..._w..G.p...r+..l....n.w..11.....6.E...?.%!.-5g;7.......F!.:.WY....~......D.....I..D....h."5{AiZ<u...r...=p\Tu...G>.C.. .VX.ZP.... ...ZI..0..g....~.....^.&....l.....j(..S.j*:c....z.$_i..x.0.f.K.6.(...Q.......8@o..Mp.L.+..=B8....&c.0E.$.......M...!.k.?.`,.. ...V._.q\.....Sg.mA+....L..D....`...$.....0..x..>...._...hY..T.9...P.<@Fs...s.K....,.!.+.].;.+)4..6Xf..bO..E..........S..T...-........J..%Hk.O..A.....uX.........n.r%....$B.'.r...F[..G@I/......Mg-.B3.O..p......0Zd.S.'c.J...)...5..G..../<!<n..lm./.i.B".99Q.t.Q.......a..B,.......6}...'3...f5H&[...3<2r..W.'.PO(.]~K....+.D[....x*.._Kb....=B.0@.k=.+.3.V....<x.}=.3V....R..@.6!.....Yo.....r;r....F/.z.>%..~B.*C..u..$.C..r[...<..d..(.x$....X...^.1...

          C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.981099974655287
          Encrypted:false
          SSDEEP:
          MD5:14B24BA7CD5374E43C82B0A24220069E
          SHA1:D2F278A4F7B7EE7D21FF88257035B9C639812A7F
          SHA-256:1EB0D11761D4F51A284586D560326CBB9CE0E0D8D8E55902D97077A7309106D1
          SHA-512:0D0CB791DF07E332C3CC17A261B3647242626A140AFD8AE3F3130D4256CF4C8C26EDEB67308A4FCB88F359710B2A4252109E074ABFF387174C0854FC40F45F4B
          Malicious:false
          Reputation:low
          Preview:l..KK9/~k.7...Y.n.5#..B.UT.W...=.>.(.....=%..3~&..f|.S.@.O...uP....P..AI.=........2AmC'.8.!)-...c...b.i....6,...eL$.F..\)MG..J..._........Q.......%.~.u5.e..Ow.....*.R.P..P.h....E.....G.lO...'.FQ7...F...;....j.g....-.+...G.l.%S'{.jr..u./0.J...8r.kE!.....C..<.z.......^...:......2.?=....H2t.9..@..QQ...=l..-........3`.if..q.*V..3....T..Nci............C.5.m.J....!.E..9.]._.........3......$D..L.;..Ulj8.Z/.w..Jf.VF1..;t..........}.x.....RM....x..+....-1.../.......&.7.6.C....;5$.O.w..?..k....-I........5C......a..R.uv2..e..Gf$;......`.|....z..C.;-..l..VvD......."... (t..`pupo......$.l..ev.....:.wei.#.|......&co..1.;.Y..}..W...@.....~s|.J.......ES.4.....Q.r_....... k.<6}.oQ;.".c..4.9...Z....#.E;bi.Y.xU..'....x..+J..b^...B#... _....f...E.wp....Q.Qp0N....|...`.eQ.*.`&Z.$..*d`....%.P.*.3Z...=<u.....y...-.#.Y..n.P...y...&..zpT.\...s5C\>..k.~.M.8...!..I.:..p.a..Q....../|}..h0......Z..]LB....U....T.....@a...E......A....}.@.#.[W"... ....0.....Mp?...

          C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979243246497836
          Encrypted:false
          SSDEEP:
          MD5:CDF32EBEB5102A59BDC7EED82546F9B8
          SHA1:B53BD46D65E46617EFF7C9BB2A541FE5824468C6
          SHA-256:3DC3EAF62F6E129E06D00C1C9216A5019874D247E400CAB6CDF02B888326707A
          SHA-512:9DC6B97F7A46C0CA630EF935A222B6D9F6F951C6E7490DBE502C97C5C9309546F73EE39361ADC9AE4847381B35F03A029FAF7CBEA0B63552D0B1557B1D09F1A2
          Malicious:false
          Reputation:low
          Preview:.e..J..h.....L.....=.H.!./.ge..}....w..-.....b.c..W.n.d......Y../.....E......h.Z..t...`7.x....G.NU.O.......8-+0.pF..[&.....p.:.....~.8.C=..-le.{.m....{t...w,....gG....r.Xw..M...8.D|.>.h[=K.v.......jx..G...6Z...B.h.D...q..h'R:.....9rI..[!.!Q.........uN.|W..,.P....V....0...1...o..7.L.5&6:".n..7..g9...N..&..)........V....[e.)...c.Y....L....(.~..x. ..v...L.a.j..{wBi.....:.....:.!=...Y..V.p.:pI.]+..8n..6..E.......duQ..!..r....7....l....7#..q.F.N.D...*v.`..U-...V.$.I.....*.au..7c.......(\......`.j.Hd......]z...>J.Nbx..K.hG....0.>P......bc.IF[................u......-z@rv.~...^Z.7+n.:.gU...:.Y]-;.4.X...)..6."...Xg..%.B..)+..T.}SQ..X..0...5`....Y..Q....pV...-...d..&.....5r..XgR.<....(.S.~...V,e.Aa....J. ..!.......BH...?..[.........r<A..R.r....~....#...xF.{.T...p....".q..1u.>.m......)K..9..U.C..r"uU./Z.DR!..vJ.ZP..KC.E1....].R"`.G.Y..U..{Mk...2.+%.9...1t.....Y.9....U.#....y....../6/.[.#[J..G^XC-.'-T..]/.>.....ao."$.5..k._...gI.e0xV....=S7.J.b7.,...

          C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.977845499600207
          Encrypted:false
          SSDEEP:
          MD5:81190B207C7B22FF4027044A6060719F
          SHA1:732AA1160C4294899802933D03B1E307CEDBA03B
          SHA-256:A3E113FFFF7F42004DD23C46379E52AF0B3C4898E6C2CF80F12B3A4A26AF1FF8
          SHA-512:09E1C340A85DC46BBB07FB362880E72DBD4C2F1343629A368EBF4C24F32436BBC142674030C006F572ECE040EF2E7BCEB49203EEB06CCCF475D4D3BF2F505075
          Malicious:false
          Reputation:low
          Preview:t.w.c.#..2%M.@....I....5^...4../2...,.../...j.Z..I...}h{_Y......B.U.v..z..i.........K..yK?.2k.....b..W.Oi..nK.9....<..=m.f..y}.m..q..E".....o+.PZ.~.-..>;.h.RS.;..fP'..7Zdf.gh4?p..V@K...p........WX.V...ko....`L.{..>.H.^J;3z...:..`.jE.....f.B..v..@..~..4.......`0..W..4./.....L@uwf.E..Tk...3+.O.4.....!.R...J.F..=......S....j...xlg..~..#.h.CH.....G:.1..q@p.ZW..&...qzT.(.c.V.o...|....r|....@...vR.! .HSwq.U...>&[........7J".Z.....`...~...j..1...x..*....K.y.*.(...Y..;A.L..._#.;b...^..#...u.Y..@n..w.8f.W.G@au1..s\.+...Xn.%..V......x.z.%>....C_B.:..g..8..^...].R.Hu.y...K.`,.%....en1s; A.n.5#.6.<+.... ...%NS....#... ..-$.2.)d..3..l.p...ut..U......i...8!-|.@n....J.R.C..i.M].>..B..-:...._...i......B."R.........P-.iwC.v.,kI .b....2.....Q..}.a<.!..j......\:{6\.d..e..WU..]...h...M..*.9.Ps...).\.g.L.......Q 8...#..T.A..&$.../8.....v".d.M[.....1...[)I<.o......p.5#...*5.P.nn{d.e....J.xaC..|9}..vC..#.k#..*wV.#.G.a.Wf.8.yS"W......^ZG...V..J...v.O..

          C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979786395058756
          Encrypted:false
          SSDEEP:
          MD5:151C0A8B239EE54CDEFEFD9F03AD0D9E
          SHA1:9B557F1A1625242C53A9E17AB0C8CDA72EB8B124
          SHA-256:28ACB4380C3843A3DB3FAB75AF909E5EC26AA19C57ED6C01AE3E641F4EE69BD4
          SHA-512:DE7A1F2C0826F12FAD1820E7AC858A3C950E7BE8EC9D2CC80AAE4CAEC60ACBE19BA05233D519A81F8E1272EC1A2F2EEBB90A368E75C131115033046846B6A243
          Malicious:false
          Reputation:low
          Preview:._..-....dm9...]_...!..Q1..2aR/..5...).!.7.O.$.c/.......8..uZ<@R....1.S......b...G...c%06b[P2.t.".X.b`@......B.e\}...W...;....~.?....a.C.n....&..9...e.u.rt.V.....D.?....wvp|..c....8<...4.<..._+.:...CX..<...@C.=..=.k.ijw.=......J.&.......%'.X..i....%w..r9.K..J....3...<!Qdz.g.1..U~.S.M.)..[a..y..K..!z."..9.....2..~5..u.....@..."....oF...F.]..I{<.J..I{..1...gR..y..b....`...m..~...2...2.I...~.'.).MGm....:...fM.6....3......"hnUHfU.... ....{.8.N.....xD2..W.......Z.)D.-..D.,...17D...1..L.Nv.....i.R_..WV...S........i_..k:.....).....T.;?.1k/..jm.h.xXr}>,...9...8...`..Y:.4..=.J..l.8..:<................dr 3}d#.V..U8.^..L{.s.*........l.H...n..6.........V.iC5....Z..46.<-..vmB4...C>.Gp.|.UB.........5.yo.j\.e...e..nF........rv......x..b.^c.e.N.P.a......K....Z..*8aa...'M.?....*._*..9Q2..\b#.N.Ja.z[..B_f.........<....p.X......!.9_{......Y[..P&C.Y....XxA`.4."^./...9..U0i<....:...{....5A..VU....4....Q7..3$..K.......E.h..O.*B&Y....Bi%~.2_2......[W...:

          C:\Users\user\AppData\Local\Packages\Microsoft.HEIFImageExtension_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979049191454875
          Encrypted:false
          SSDEEP:
          MD5:7B6BBE903A81574442AD6956A196943D
          SHA1:417B502ACE8620CDCCE4DF50896F862FF2F46727
          SHA-256:18392EE2536E65868E84D0187D4DC721860D7D700F4A30BB350B89645897D54B
          SHA-512:023D8BD47C8B7A5E16E63A3878B8F4715E68A491BDC4E874F8F198B991B758FB649D3268BBAC24C66520F713D6AB61E5C82D826B7D40C8A83F33E6C9874652D3
          Malicious:false
          Reputation:low
          Preview:.......n....2....].. ...N.Wb...B.N..)1...3.7U@...a.%.......Q..O......z(......7.f.OGt...K'.W..jK../..8......].y7.g}......c.5o.P..c.,..g.s*..Y.'..?o..(..a..."...U.-.$-D.R..I0!..4A....PMA.i..Y.<..\.P\;...i.......W.+fj.G.*)..D.Y..u..J.kJ...<. .Q._..7....{.^EZ.q6.+....V) }....C....:..T.U.2L...QLp.JV:.=8...m.\.Q}(.)uIu{4..=.............z0..o.l0lmde...;S......e..y2Y.V...D.i..F@.f.2.SQg.nW7\.;$.....K_-.C..:.........l.(LX==.....P..N.o9.......)..-E.....I..*p.....UP....4..*.....-..ZM...._.p.(..'_..F.Z+...9Y.$L.....z.f.@UD.2{B>uV..I07j"g.../z.Y9..6.....G.U...q:........G>/.82.$s.Y.0..w...;....r./...p%....2 ...TB.....+T..s]....o.X@.8..H.........@SVL. n..#.gY.4T..q..L....J.N...w.@r?..}.d....../.U.:..|.t1.......A..R.fI...rrT.V.{h..h.....L#..O....[t.:..l..g$C#\.@...eq..cMG.(..9.D.7$..mJF.~.(..... yZ....$.4Vz...0..lp...o.).7a.......P....y."..^...OLR..e...*{C...V......kp..!F....xT"..8...i.p8%...?..q!j....O....FN.!...C...'.\.....=.............D.a1^...r..0.O

          C:\Users\user\AppData\Local\Packages\Microsoft.HEIFImageExtension_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.97958460362604
          Encrypted:false
          SSDEEP:
          MD5:DDC9305DDE50381BBF8A1C11C7787A21
          SHA1:EF068D7054666E87029754B58E281178C31BC757
          SHA-256:EDCBA6313C34C877B39C4B75402DF9C1040136D3ED56EE82B3F9777D067D5E9D
          SHA-512:07F4766195FF2458E694785479305A530CAECEF393EC97A1034ADC7CD76FCFB33CD6952D36FD6A50FA986FDA45FDE30904A748C4983987008D1C0738958BD950
          Malicious:false
          Reputation:low
          Preview:../V....w...P.AN......7L....,..f..."C..4g.q......a...EL......r.:.....(.%.U.z.....Q..O.;w...S.....1P^. i.9o...6....J0z}DJ3.q..vK......uGAk..c..{...,.3.Q.0.W..Q...+...(..=...o.m..P.pY...e...".xrT.4.3..K.......p../*....U........ .,<.`.......1.....~.a^H.{."q....\......Z..).&...(...d....%H...L...7.....i1...."=!.`..Vo.s..k.Z+...y.N.-&.."..A......,.....%..6....`.X....z..P.....lrM.M5.7.c.y.......(`..@.i.o./)<K./.-..b>.....D.lG0....H..|R[[..f.m*..c..GMl.h.........$..Q...i.R(.jp......u.../i..&.%.u.[.-;k...Xbi..A../TFa.0...~.n.x..|..oq.* ..'.-.S............CV..-h..:/..A.iA'..1.H.........az.t^.....&.0-.g..U.V..P.3P.H.. ea..qKu6.q:G9.0......<.Y..&Md-...G_1...\d.~).N.f.S..o..O.x...S.r.OV.P.O:/.g.\. ........>..c..q......s....8....x....G.\...^.p.X.V#...T.)..&[.|.T]F..5....:-..D.L..E..Ak.x...6C+ u.|q.m.......`......F..l....'...3..I..VQ....n<...(knKf...x...9E....5e..<.0..g..}...}n.]EJ....*.G8.q.AO,.....V.+%..Z..b0.G2.;......5.`..I...}..2.....K

          C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.983009507301594
          Encrypted:false
          SSDEEP:
          MD5:81A33DE79FEB426AE9F80C029A4A1979
          SHA1:89050CDDF7A92F0A127D2B99C209E8104E12B9FB
          SHA-256:5CC33300EAB1CF8BF54B7ACDEA2A73862E82355B7F70E84F849D6B2007206528
          SHA-512:06447FD2E82569EF3CEF44D079D9BC31BD56AECDDADC497D43B92AC6CFAE62A7E0B8867A22F45AEB256BDB5362317A17ED5DF789AC617B8AB1D90C7F7FEC976A
          Malicious:false
          Reputation:low
          Preview:.......7...+...}....."|....I.....}.....=..+.8...q..\.....*.<..G...GQ..x.G...05..BC..M...,}...*y3...$.....Ks..>)..l:-..O...4........AI....~.2..G.N._.+PA)........z...N.zSZ.t.A.Sh]...d.y..G.8...0(?4.~...<......2.8...~,9..zZ.d...b.=c..5.o...,L.c......n..UMe.Tb.3.<.3s.S.l.5-.7..bT>.b......+r;?......Ud.5 .!..s..(..;...,.Y.`..C.k...F..L;.I[TB.....N%FP.p...J...S.k...!.I7../..g.RP.R..B......qC.J... .......91..J*F..z..2..../NE.-.Ni.@oUs....y~A.."....43.....*..r......a.%h.5(..!U.....>.h};..>:^..8..5.B..-.....~..Y0.#....]..H..`k....vd{/.n..CG......*\q.>|.Z.:.w...P.........Ag....-.W....i&..7f......z....._w.T........{..Z....._.. .lJklC..*.)Q/aTZ.@,n.....J..D.<.A.;.P...........f...G.'.....Y..9.g..e..R*..(......M.....Q...O.........r.tb&.L.>...m.y+}.&kH:M.r....;.....0..C..bg..a....|....u.I..q...y~,..#....x.5i..A[e..E..R.:...n....`0.p.......t,b....P...b..J..Q,.<(i,c...clNi...1....)../J.jZ.]..C...<...h.\.....=...rw.... kv...%.......?.k..N^.....jN.~.9.E

          C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.976571720806936
          Encrypted:false
          SSDEEP:
          MD5:E8CC6FE376635E8EE000BDB5909AB6D9
          SHA1:875D921673C6DD9D42E406152AC7378EEB48D60E
          SHA-256:029F982588D624F8870D2FA2536F46921D8F005F13BB6574674B5873A6DC3B1C
          SHA-512:46B6F1B2EADDFD760CD322010565358AECB247B0C01D790228BB3F54A7B3E9A1CE33C1E9A173CC6D29B90B0CF91B768C40DBE59995A7600E692247770D988B8A
          Malicious:false
          Reputation:low
          Preview:..v....L.....f.!..K.2..N.t_..L.u.}.d..r...:....H....C.x{.z..$!P........q~,..m/8.>$.j....#..H.5./~..!........4......2.B~...y.N.Lj.1.Q.8..plX~...JV.....P......}..q..3.Y.........).-.~;...R.....P..n}...H.N.~>'.|.[.L.0.K.x|...} [..~2k!.(....$. .,......=..;..>.H.....~.l.>.h...i.I.P.)..!...`....j.S<{.1.t{[n.)....8pc.H..N.....Zh..jv.}.*....t.B..3.b@..R.)..>:..K>$u.....N.3%.{.....'F.E..X....%.1lo.i..x5.A...H=wv.....yD..Bk]...u.).b...is...uW.p..m.m....=..e............$..:9..B..4...y..`........6...?.\V._.H.Ec.2Z.bi.UH......V/....A.X2.~(...W/.W.O.wF..t~..v-.]......\.t1a.t..a..#&... .........SN{.t..f.V.Y......k.j..M...4..<....bu+c...i...$?....6&...S+....r......k`.t.-%.^.....9r........_.!]....AiS_..D....W.....k..ANi..?...f..3/.N9^.P...e.[#...0.)F...T.l.......`.[{..7=.>.........Eq...Y..P. ...6[8.P..Y..:B..1`..!`...s......2.....\..{.K..+..........%".%.Q *.....<..8{.....F.......w.O....%.w~.I..4_..{...}.....Z...v.V...!.R./l..|QGN...N.S..H.Kxn.\%{v

          C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:COM executable for DOS
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978851882465136
          Encrypted:false
          SSDEEP:
          MD5:012987214FFC5973B95BB6337BF838E5
          SHA1:A5591D77DB842CED8D5169A215F453F21ED49D52
          SHA-256:21B0259E7BE0D0E54F4FC21C7C7F47620C83900A04A7C5AE1EA41A19EA29E3E5
          SHA-512:26B5CF77C7194D7DB9258226F32ED48EE11F49A41A125E3D0FE34D5353D7301CBD2717C122060A5D4B81BC71E40688DFCD9C8BAF043ED19BAAAD882BE9AB6B16
          Malicious:false
          Reputation:low
          Preview:..@i.l..rc..........|....V.wM..r^U.Qv......K.jha..J........F%.Ye...\.a..'.......O...E..8F...u...o..~>......dBY>wY...!i./......WYB`Ja.P...(.G......*....d...g.|.a...g....*H.?Z.....Hll.....O\0..F[9..N.S...IZ....a....A.,.hh...........!.+VF.n.yX.o.].$..@x.k_TT..).,.Zf...u..K5P/0.r8*....`>Mf....E.@NNnLyO.S.....6.6...$r.I^.T..~....cd.._....p.?..X&.F.y.Q.....;....OUR:R.E.....f$.?..t@m2.@...0u...\.G)..O.@.`.).-$..Q.....r.V:.'U..x....V.3{.>v.l.W......."u.s....,..!/....T....[..)F.*..N.e..M..x.%U..l.L:....|,...a&...(,p.{p...^`l.a.P..q.5..A..y.e.....z.t..y`.S....{.tA>.M8.F.|c.e.d....9...k..,...Z-.w.k..)i..F..>......T.........P..........;M^`@....A.t%...'....m..l........y....x.?...}.dW.Gym..|<5.=.*.n.mCoi}...PXM......@.X.E.%.*..0...N8\){\. .^1....Sv...Vc.....6.CQ..C...c.|..t...xN.|.m\>...3.{V.x.c..$....||.=z....>...i+.......8......t..B4..u..D.U...Y..,'WK}.[..;.%..FZ.<...."............)...~........ai..{h..}En.QQq,.W...".RR....]F.s..'0/...^).]U?X.b]

          C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978682326487396
          Encrypted:false
          SSDEEP:
          MD5:CBC694AEA15573F15A427872AA59D8D1
          SHA1:4755BA3C5197B45CA2383465373FED3F5B7EAB6A
          SHA-256:BB37305E0D380BF78475AB21C00890DC4EAEF42A797366C8664465656C37844F
          SHA-512:678281E97E758333CEF27C75D708DDA5CDC26143C79C9D5CAC839365AB52F6CA7AC9B969A729C90816AC4C53CF4262C327A87366DB5D11B622813834C54C50B2
          Malicious:false
          Reputation:low
          Preview:.Hi.o..c.....DS.!.x......u...@&......N...B.g..G>V5...?.Q.(.aO..O..1U............>........o..*.Dv..U..K...~..k.xgQ..,...67=s..s.oq.H}/. .q..a.l..[7.v#....o.z.wK......U..E.....G....q.E..?..P+.>.'..u.....Mb....GA.!~..._9...M..;..=....{.I.."*7.;$...v....fm~..k...i.k.5.....}./.m...G.2j.T.x.4....i..c..S.E....OO2];^46....}5..@...Z..B..g6s2.%^....cTd"..3..n86..t..O..`.3<.MD.h]N.8.Y.k.............Nr..)..i..x..z..\....n~.B.......8...|[/2..Na.o...E.$.q.y.&.L,.8...=X>..)j..-"a....9...Wa...g.6<.y.............U.A......O6V...u.Q.!s.=......Bc..?s...2y...:~..&.64....r1..R.otn........I..'KK6p.5?_/\..F#..y7.q..$...'x..2...~..........@..$..]+.2.b...v....l..H.JaO...%..'`.'......E....n4*..................#...6S.;^..7a.......qY8...@A...:....9.......YQ.B....>....pn.A...3{G'(...9A.F'|.U.f..W....]M...L.K.:0...!.'..........yGx...i.......M_UC.9..e..9..w....*Dt.L.;.(......y6...S......(....3.......9_..U.A.H.o....u0p.GWJu.-$[!%..PK.....G....@c.x.....@.R3.?

          C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\HasRegisteredAsDefaultApp.setting.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):544
          Entropy (8bit):7.55986027497336
          Encrypted:false
          SSDEEP:
          MD5:C28AC833A8620BE719E5065439A01F59
          SHA1:C8683D159CAC10096CC99D2CB9B8466DE0128666
          SHA-256:D1FC5D74AC0219D18051A38DB9AD1400234BF1A39933019B7CE5C388AF1FA59A
          SHA-512:BAD308E7FB2311929884EBEED5A5AD7B365F2E0923B6C1B4A5C18731A7E7EE92641DEDA7E9E82067AFC0C3D998B366BEA77D9D9ED3A40ABFB6DB9B7C7D884270
          Malicious:false
          Reputation:low
          Preview:G3....p.La.[.P....WY.9.2..=O,TN.[......@j.H...L/9....}+Rer0.P..0..........br.&....tP...#...+...7=...J.u.v..?dvf.F..u\...2w_.h4.?...0.8..=.....-....u.....d..... .......T........Z. .n.J...<......;...".ZiKm.)..i..l....G.q.~....x...nf..f/p.~.U.C...T.6/.....U..)@........);..X>.;...OV....H.@i.|b.i.8D./.k.nZJ....~r.*$.m"\.C ...Nos._...$...|....}'3.?^.-U&...Z$t.*{R....$...,R^........X.U~.m.R.:...Err.....O...^q%..).....J....J..O..T.....b.....e..$.&...ne..y..}.s.:..z....w.pp.!|#aNW......?...a...Od........d.......

          C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\MessagingBackgroundTaskLog.etl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):29200
          Entropy (8bit):7.993325773533534
          Encrypted:true
          SSDEEP:
          MD5:98B51A084D291302BDA81F17B21250C4
          SHA1:6F54436006D1508883F5BD689D2ADFE2572A6DD3
          SHA-256:59E483BBFBD886C6B5F173AF8004A8701716569141898734099BAF065FF8B59F
          SHA-512:CFD8FA16900D97FB2E99519C44C85D342F90731BC733BE1B52F13C154247027D097FA764104A579F571AAE82EE22D41F14CE6FAADD9B930DB8D6C64F19BFB4AE
          Malicious:true
          Reputation:low
          Preview:f......M.T./2..L..Bo........@...5....j.........+63I.3...=.9d...{..peF"$..C.0%...06..|d.0.;..P.\/.E.. . .7.. .$.jz.>>.....Z......................Ftp.V6.V@L.e..]/'.[.....gbb.I..O&.....bm.}.W...M........ro~..p....L..W(D:./.._.ZGA.....H......*..N..'....o..a.~.....K).,..2.z#.FB.1y.CZ.X.A.j.b.I....p.{D}j..>.n.....8..Wg..~N .P.`..d.';=Z..6.KU.p...P.....(L.sN.k.P..u.Z.G^....=.\.-...@.].Vg...L....j.."..e.cu.7,...K.....}..6.c.\,e.F...5.+..<.8q....s......W.g..).{...0I....."5...d.L.:..L.7...W.IQ4...?m.y..+..l.~.+.8R...*...+.UlQ...j.hw.:..yo.x*.ha.G.y-...........`...=...n..y...m.G).`C.c.w....z.dT$.....MW.</Y..d.....l...Z-./...@....|3...7.H...b8k..1..I.\OB.$..`....E=..d(....`W.@$..[J...H..u...g].0.......R...%?..XE.Wf6.5...............Z...j.e.rpD.3...O.J).W..D..f.....n.....~.E.Ro........z.x.8.@.x.&\.....*....l7.K..J.[..."Z..u.AV|.S..}.q3...`,......GV.&`.......z^<...B...n.].?..g..E..Y2X...9TL....:.~A.....~.=X..&Rj0.'.`!.;.....X.Q~]i..3..8a..t......

          C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\MessagingBackgroundTaskLog.last.etl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):25104
          Entropy (8bit):7.9922016816452235
          Encrypted:true
          SSDEEP:
          MD5:0EB068423B16FCB73078CB27BDAFCDEB
          SHA1:716B5260D16EF9C013FF0CC772E2F7E2B6CD300E
          SHA-256:1FE0081C083BAD2AC2F093D37CB6E407CD4668A8BC6E4EA2995641A85A3EE34A
          SHA-512:EE47B4EE9FFFF8E8065EA05CDF377D2B3DBB694F5A4B82C4B3DB99F6FEB450E578C92C842424668646485DDF75507EDB6A8121C433B0B8C9868509275C4813FC
          Malicious:true
          Reputation:low
          Preview:B.4...z'H^.A-.O..i.+R.a?.Y....B.%.|.56.*..s.F..<. W.......0..b...}>.;. ........@`...#...q....$...U..0g.?.w.xZ...=@..u....a..^..$F......l...X]...z..#.^..i.f.b.%.hR...O..w...#.^.....?s}.M.`.j.QK./.K.#...@.nn..xQ''0..P...o..| ot..8.w:d........"..._.*......V...n3.`h/..PE;.v~..!v....!..^..M..7.=M}..n..".Z.y..M...1....t....N+..B..^.vue.j.x......gBo.......oS.v.Te.:s.....r*.-#..5.w.+.K'.....B.-..-}-.MvY.#...<wj[...|...1..#U.F.{...j.'.~.?|....,.8.R.\m....o...P....3..............?q....q..{.........;my...z.o..k.9kl-}Y.i...qZ......M]T... %...;F.&...F.|......:/B.~..^..W.0..&.=l|.R%.a........M..V.0........R.+@h....g...........,~\.T9.....9..&.7R.|y...-.)..L1..L.$(B.38..}r..7:.~H4....SjbP.[%._o....@.~.o?..5......{..uwGZc<..P.. @.~."q.0t..M..>7s....,m\.rLV}...........R...Z.....OI.P.zs...8....<..P.r....o.?....j..:&h6V.....#..al8...1].BBj.rHM8.DT.....0.........D.A.H1.......[A...c.Z...j..p....C.az.K............N....b..&...(.D.....I.aE.E#.~AB.U.1.wk>.3...9.5

          C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979434743418508
          Encrypted:false
          SSDEEP:
          MD5:6F4B94A9EC6FFBBEF2F14E5CDF6FEE57
          SHA1:DDE628CA5FDA38AE2A03EB9F67F5AB9501A4E775
          SHA-256:A01D7A7E3D79339265EF9B9D3FB2C4DCAE3CD0C91CCC8FCB248C63327CF18954
          SHA-512:4B914ACFD6A10D991D4618A787FCD00ECA7C68F33104C7F23EEA673D8172944E452543483DA715BFA394D269751FD1F7E6A7D6152FD9934C736B12A9FB6E218A
          Malicious:false
          Reputation:low
          Preview:...a..N..8.....9...B5N.h^..7...iS.$#W_.....].. E..}.}....,.=.^k.g@...1.?.....yy.,....Q.h...E.>t...t v...<B...".T..+.K$b|..b.i}.eZ..:.....j.)BS[..*f.a.J..9.S.-.[../..o...X.N..3...E.....z0W/...J..>....f..\.*.A.r5....{..)..4kZ.......x^b....P..t..~.....+...`..m7.......Y..B...P.~~.aX.._.c&B.+.0.e.9.W.s*...|._.....I.z.x].o....E..h.#}..bR..'.R"nb.;H....U.O..dr).....2...p;.V..w...H,.@H...F....h30.{..A5...\.,[Q....'.e_1.^.o8.t}*.z..}t.....j...A.g..1.4..R|1o..6.&y.H..S .;A.Cq.).C*...x.2.x....v/=y,..m.u..|..._J.6.}i..C.....=}.-.K#...U..!..o".).... ..K.7.<g.._.5...,..W.."...8p..........._7...D...q._2.xy.!...>..3.Ih.+\.r..W.@....z+...d./W....B...9|.-..u.9....^#...$............yz;?#7....M.:..}2.Y..*.....G.R...S.K..(.O....Z1.?.Z.0........_..2..*........$.OwP..vFCe...~...O.O.6jG.w4B5....|.......:...<.A-cq0...H3.N..Fn...%.1.nj...}6....r........\$S......|x.3.`...G..j...-..].*.f.....('....D0$".O...t."5.0.U.x].,<..h).[.t.wTS~...Qx...]..;~Y.gb.Su.O

          C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:DOS executable (COM)
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.9778494191231415
          Encrypted:false
          SSDEEP:
          MD5:CF9D251DDA9BC352D00F14E6CC7B338C
          SHA1:40484CF9013B94F4B3A670D7B37A949117EAF190
          SHA-256:DD9416B56D8705E768D96FE69FD4A4D0925B2D84889F2234FD4A812A30EE6BB4
          SHA-512:6FE645DCA97A73ADF7BF53E5FDA3772C8809A9DB65E80AF6E367A52F4FA8A0ACC844AE5F9E9A79DF0B466F9B20990AC02AF3A33B5DEA10C54300B07E8E77A427
          Malicious:false
          Reputation:low
          Preview:. .^W.O.e.B..18,A..C.. tS..'D...h~4.KLk..I....x..:.....N.......u...%b.~.y....r.N.]$...0&...H.....6........e.~%.j..J...7..L*U.+sd...'.@&lt..#..........=...i.../...^...V.l.\...j.x.K......],..}gO<.{~..cW..{n....Gv.e...C].0..+ajT.v.pU&Z.Q.Dw...3|......p.< F..........:GP...lu..s..,RF .P.n..s.d.a%....>..Kw...d._..=..T../.?..]....`2.1.C2.:W.H...*E7}...#.}...V..r.Go..q......C.+.o..p...q..d...E..BS.+.`]P9.Z....s.>.6./.E<.. S7.hN.o..z.[..@Ck.....C...=r.}..4...........t#7Jx..8:.j..h..R.J...S..kd...q8.....Dy.u;.'..k$..o.$..2k.n2J.G....!.~..Y|...6.{oK....N.+..h_..1.RW...u.h.'"....P............$...@.e|.l..Oy.i...../w..M.......!.#.)(Ps..u.NoQI!...Q&.......%........6..%..O.....;..0e...,%......CE.P.}.f..`..Hwv4!.....HB..y..x}V.'T....~.K|..0.c.....MS....}{.. .vK.4T..2...:.v.~...0L...6v....&.e..(bw.ah..}......3.F9.t..`..+1...v.. ..@8..K..q9.@..C..C{...U.`.u.c...._.......r.P.$v.RD..v.b....Qu..8-[|..g.6.....Q...^.....%.V..S...8L^D.H.x.Nsg..%..9.HO

          C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.975993549133175
          Encrypted:false
          SSDEEP:
          MD5:46D9BFD8DDACF678B091F0E3CA7861F6
          SHA1:AB1193D85E4891E55275CAD5A861D075CBEF98F1
          SHA-256:1A32BB50A1EBF5347C509042387D5AF100C2898C20193013DA26E941DDB97C38
          SHA-512:123BDD2726DE8134CAEBC4E1D5414756154E2F2169EB9B2FC56BBF7A243E35C05452921E20FAF3988C46D653ED026309DD3B21F9068B82FE9E1F736B9FDBAE38
          Malicious:false
          Reputation:low
          Preview:..@..u5...6...w.?.qF..2t..........K.BT.}.;i5*..%ST..W.....q.~..@k.e.j0B.F5N.B...=J..b,.}...yNS......J..p....5_Q.D....[....R............]...x. =u$.....K.~.T..(O........6Y.5K....>..>U>.\H.(D..oT.Q.......B.O.0.O.....b+T...VU..+E.L?..B..x../.n...tL.5.T........7..9g..a%#.q.v..O.f..........W.[9C......h*.$.f.....~2.v...?..B#.......|.m...4.....e.DKU....j..N..La.........=.l~..F.v.....lg.......W..9...:.T...1.*>'.V.i.......NJ+{_.T3G....5X.5.o*dc....~V...e......u7.....#....&..y=.......SO.....$.Z....p..{.V\d..Yb..E..F. .&......cf.o==p....g.|.r...&s....'..f|:.S......Jw2.c....Ug.. .[W?Q..;k.nC.b%.!.....@....w.w..k.um...D.h...pl{h.U..l......K..s....P<.Kj.H..~ v....3m:b[.......}..B.I...^e.+....N.R..s..[..-.V.\xF.&.............^{2 ].e......B.Te...Rc...3.L......'..w&..#p........s..Ph.I.......;..>..c$k...D..>|..-."$.|.....Q._..7^..x.........S4..40v>....W.AA+E...>.Hj...........7.J.IU.t.l.C.&fe.....\-..`.>..m...o..8.+.2.@....`[.......@...U..(..y.-Fn..'..lu..Y

          C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.975869057067105
          Encrypted:false
          SSDEEP:
          MD5:86012BBC95B2F1C9859B9304C579B423
          SHA1:C78EA048EBD6D0D4EA669A81ECDDC657E49EA398
          SHA-256:38A2112673E9CE27702B357E0E6EC291659645127A2EFAB7B9E995EA8EDB4F41
          SHA-512:E9980B2AA63D9B70EF17A77FA48ACC621460C0CB137DE985AF7B1FBCBBF12A3B26E27870B1D0E8BE097D507DBEF067B9992F3B1C7944ADDCEF8D1B8EA4E89EEE
          Malicious:false
          Reputation:low
          Preview:..W:t...FQ&.A...".5....f.d..OF..x.,.....*3.d....I..Z.b...C..3....L.z....d.C..D....]m9....*$S...O....}IWw;d5(..?.~..*...98tu...W...(~...q......e...L.....M}1..b(C...P$6.o.........t..w....,Z.E{/.?..h.0.1}.0+.{:.}..x..."2..X..J.$...V-.o.j.c%%J..?.x...v.{.....e.t..j.......6......tP#&z...}=..&.<.....}......Ja..UL.[n........G#?*.....V.....D.7.r...".D...RV..M.<.,j...q.E...`.BT .(\#.X...Y.g.q...;..*.y..xkJGUj*J.^...4.u.7....IR.....00.7....H;%.y..>..!).........W..V._,./l...X....KN.$.jhl:z.N.<..F..e..P...X...........L......r..D...e.....0}X9.l.H.Q\4...#..X.9..2X.((...J+.U.....}.v.(jI..-.<....n.....Y+T.f#..#...H..q.z!......Y.A.ou5^`..#.%w....V..4.)+%...CF...w.,.O.+.a.f..E.?.;..~........0.k..E.h.-..Q8....g.D1#5n..A.....k..a...f|...r..!...r...m.[.Tz.dL.&to....}..K]<..-..F|w[.N../W.X.`.........*..G..x........\...~.........?b`MY..q7..%..)a.L..{...a/.g,u.{v..[..*..H.....H.....d.ok'.T.44w...F....+j.E..Q.=..;...:}..f...IKlWA."....)..t...?g.l...}......~b=*..8^

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.9770328523912255
          Encrypted:false
          SSDEEP:
          MD5:AF9FD1BBA07FC5D3F8C0E123EC9D0A58
          SHA1:7A4675B35C5FF07D0418CB0D54B07D1E3CEAF1BB
          SHA-256:6BAD11DE87455DBCAFAF71D0ACCCE11B3B1D36D77A001025362A10C086503A0B
          SHA-512:6330EC68170A1B4B734DA21CA881C254F5DE31067890ACF0C699CACC5632DD0860D1C6A3C8994E9F66390B87737AF9E022CEF1112D8388DBA95FA86F598DD78B
          Malicious:false
          Reputation:low
          Preview:.....S...'&^...qk0ju.9.g.....&n.Q.l..y8g...hS...c....1...m.vB..Q....@..c.,B..M2%.w .p.9C.*....kF{g...d.u$.&.S..T....).Ja..p......Y...]..2.c!..(..j.........|.q....4Xq[.e.:..h.E<A.}mt.O\...:,>...L.a%.....k..."...QoB.L."......h......5...-..=...`...w.^.`........8?.A.xC.w..d.....Pq..||.....q...p.+.&`..<'.a.56..S..b7.%......8:]..D..J.PK.....,k.$.\.=..#..!.$.mL...[.<~..$Z..g.x..O...wLAU.......}\.;.G.#m...Un.....)..;v.s.@...V....q@,gy..b.{.({<.r(....o......c....d.,!W,=../G...>.n..b.o........h..91...C..%....j....z:......>.`>.f..e........Q...~.MU.V..>.....5.8.......u...+RV....K....6.....n...)...&.MO.g.L.iE.2j....o.1s.<....5..K.N......A\.B.M..k.8N..1.hJL....<.T!....D...<<..G...{Bh..M.w.1..d.on....G..Y.............of...H...k....Q.;o..).E!.>..t..P.9......xj..VS....).#}.8D..5..........oAK.O.{.sOE...&....:7jNE.*..M...*..9xB;....p_.....(......yw.J..(n.....].....K.UR...E/.....U....'./.47\.[..."...s.../zD*..P..T*a..{:......`..":z........4.N.a..9..TR...I..f.

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.980586807363506
          Encrypted:false
          SSDEEP:
          MD5:AC8A0F41B848C2D4FD65AB8146A83A5C
          SHA1:E4AA92D3176ABAC829FECF8DAA138909E472C377
          SHA-256:BA75A05366157D08C15BA68A3F1048FF3356772F9CDAFF14CE12321477C76ED1
          SHA-512:0EF7FACEE5F5FC5EF69CDC6880A31D132ABE2A8BCCC67FF5BFEFAD67FF7D3026BF73AE64F1AE443A2371B80DD838382A045F753ACA3B20A3A041AE68C0A474C3
          Malicious:false
          Reputation:low
          Preview:fB..&....5..(...B.W...A.!Rv..5.5.......F....1..&?......<......Kg..k.V.......Y...>.J.O>.....%.TD.....C6.~..r..R.*.."........r......ke.B..5...#.>.......4...z.z....fkQ......'.>(..+......@...\..mV+A[..)...0.E.:..Y.....&......~..."I...dy...Y@....n./..i2iMk.I..9..7n.(.N..%R_....Q.\..yT..C.Z..."m...voE...L.,Wx."........cX@.",.P..W&~.5.Pk.k:.....H..1.B..w1..z....9..k.#.o.j"../v#...\q..<..&..).EP>3...F..-v.:.Pl4.')]B.~>.S....q...Z......l$x+j...?..+..t.\l.E..j...........\..+........Y..U...>.bj..x.[...d.X..8...zG..Kfj...lRG....e.`Fd...vh]|.9..X.. .D,.Z...?O8.:.p#Q.Y.u.w3.......M...kb...U....~..M...p..$.'...f....9Vn-;.2_..P.\F...C......!.$:....=..H.y...j...U..<l.q..Y......*o...L>Zt$......s..<.2Q..:..9.6....)zDt....u.~(..i._zC......Ub...Qr..*..mL~d.s....W3...4t....]l.......{.5vmO1.\.BXp(.E_.!......?w......h......y.:.....W5N. ....%j..p. ...R...!.rjFNb...$...?n5..$.?......6....=....o.z.$...&.....}..|..s..}..q.~..!lq..2....G.i....Dj.......(I.Qn.r..c..2

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edbres00001.jrs.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):524816
          Entropy (8bit):7.999628518491124
          Encrypted:true
          SSDEEP:
          MD5:656D83005EF0079B13EAD9B34C60466D
          SHA1:8F270537DBBAB3F90B8ED7D0700AEAABE613E252
          SHA-256:AD3DE10B46A95158EBF13299920E3E2332207FC040F169118D107E6385F36970
          SHA-512:2F73FDECF05E232608FECF71FFD411E2C18D22176FB34B748850C226B47E4827BC7298C3FA49F740D07E3ED3A93DD75216466F6B1F98EF6D411242EA63EEE4E0
          Malicious:true
          Reputation:low
          Preview:....6.._..?..BY.hc...5X....o..w..o+.w.V.E.+i...Th.8......W(....n.x..N...>g..@D,d..T.......5..eO.Ij..w$..@....&h..`..>x.{Q.o".3..Tu....TOQj.........I...[.Vq.v.'..S.Q..DG.W:c.<...V=\<I.s..+d.......</.'.....9l....W\....eB..a....5..xw..&..d.........g.K...U.........Ucy3.1eXh..>K..1....K.N.~.5.F.....f...U...@t.y...z.&.....I.X.d/.L}y..{......Hg..qG..O.j...%m.cX^._..t*..@.dZP...-%../.....3.G^..i..Mbj.{.,CB..}..%....'..o...~\..} w.7...y.}. ...b.....}.y.......B...k^......Q..ce...J ....+s........T~....>u.*#>[..9.^.^.... .....f.........Y..yoM.).......\.[...W...R....!.o.2}..].....w...J!...2!.4..Q..M..G....Fb...ASO.9c....+.....m....@v......J*....a...PB=......C....Fg...m...D..Zs.OU>x"o.U...'.Q..L.....[...dWqs......&....5..."1..I.[..V..r[..%..X../..ux..5`........i.{.u.d..U..ezh$.uK"(8^.2d.....:w....!C.oQ...x!.F..s<...Ye..^.....f.q9\.h:.6./..?.....h.+H..{.,|x?........t[t./..HO..`.k.J5..r%.{8...-.).v.....X......~.m....Hg.V...5L.H../.?G..GK.B.07...q.I...?

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edbres00002.jrs.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):524816
          Entropy (8bit):7.999660593319973
          Encrypted:true
          SSDEEP:
          MD5:68F1F848D4F36F57116279F353D3BAE4
          SHA1:DAA9591F867C705D642A3136525E2DDB534D82E0
          SHA-256:45DBE70848149B5334E433E7401411900ACA296EB5843B04914CB1901B75F925
          SHA-512:20D4759CCF129BF1ED04D0E5B58CEB9E39B974769563C9EA8D999567A9B783A2108BA6FD4B30C10F4C28754F3BFD854086F993A53E649B654413B8C0A26A784E
          Malicious:true
          Reputation:low
          Preview:`..uA.@..[.~.7......bW..d..>..T....-(.z...d......E.YZ.{...}HI....LZ.... <.0.N.BJ...}.(t..dh..7}.n..!H../;7..'c.Mp....o.h3(._......z.7..V}...`W.P.>Uq.3..r..[.......}...&.C./.yF.M.Sl`.....I5I@=xYF.O......C..;.h...Z.X.)e..T...[@......K.9c.dfU....z..Y].x.....]..w]X........F$.......N..,. .Ax=..I(&......p.Hmm......(.i.]b.......=v?.H..OtX.C8...\.e~@.H.../;...L%i.m..';.N........e-....=.'.;....b..&...d..z.L......_....E.....4...}p.U:.4.......}.'....P.g.Y.5.5...."p<..^...d.K.d........t.......K#A...p./.+&j.%n.(Z.(.Rc...,..4.h.z..........".C...r....S...D..........mJ.0.@.i......}O....2..K...._!..\.jDaQP...5<,O....e...J....LOE(iF..{^...o..2.&hcC.|T.Z..Z..[...&...F*.7...#....QY0T|.K.|.>....x......J..2.....Q0..Q....QS...O..}..P2.l..s.`.[..........x.q$..n9s..B......R.ADk;y...y.g..NH.../.?....Y.:......bBr.&v.7.......`....c.Y.E.....Q.... .F..s.A.k.2Qy..U...X../.......^......X.0>. i..s..(...#C......Ek%l...0....$.y..l.(.C...(..|...#y..>o_.W7.r.43j".Z.m..

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edbtmp.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:modified
          Size (bytes):524816
          Entropy (8bit):7.999646994651269
          Encrypted:true
          SSDEEP:
          MD5:E32343AB03816A1371C896BA1F919943
          SHA1:034DDCC8E5C8511FDC8EEEF9BC298C69FB3C7B54
          SHA-256:2DDFC9AFA18734D098D73904B3B947C4D30D2D79BB84769A85FFAAA0B9B675B7
          SHA-512:D051550A26884498A21CE02EDC67658E0FA7F74864C7C35528EBF04BC21B4D4048F993331FF73C13838AAABACA087F06BB172D51A7AB89C8830F17F483008107
          Malicious:true
          Reputation:low
          Preview:e.BL...k...[.}......fJ.c=$.:&......."..WS...%...R.!,.]f.S.C..hj~.2.Y.`.. ..TZ.6.......s.H...n....'l}..3...).&tg....1z...D........AW...sN...p..j..e.....3..........L.hH......W..$Q\.'6....*a..~...._gT...z...K)........v.W.....Q2c.D...!.g."EM.8b....{.p..5?L..........,...WL..W...KIb..*.....Y.r.....QF]q..r6=`5^..+...t.......0.fuC.!.AW.d.....F..k....N~..=Q.hL5.!....UL.....J.a.....h+...6...K..C......B&.!.nh.S....oM.Qh.L.0.. _.........6....f....3.W...=Z..=j.8n.iS*(u.;.}~%o..`.~...[v^....K....dD`......5.s..7.o.|...Y>.. ,.!mon.W...,pO...E...]U.I.I.PeS..+..-pT....,6.C.{..}?....j.E.W.'.@.....&..h.I.)7.j..:....Q..7,.d..f+......Z...{..J-..,........b....-O.....%..oL.;.8U2.<.......x...6.[.7M..h;.*."j.P.W...s.o%. x.ep.($.V.o..8f..t.`..I.:0.....xE.......=.&.V.F...~t..KdEz(#1o....+..:.P.V9..d.....,...sn..g..G...-.....S8Qf-a..QA....|........Hk<..r..8......ac...|..d.?.=.l......J.s..j.j.Q.!h|..9...n.v.2....z..`.z0S.b'...Y&....a..E.....u...|.Uu.0.,8..Q.?UO.........

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.974919832193292
          Encrypted:false
          SSDEEP:
          MD5:17788B255E57AFCAA72B890532980FDA
          SHA1:621EBB3116E5C098A851535B6459A72FFB37D843
          SHA-256:9A0105BB8C715F58FC50B7102A00865D28937117F0C562A92E0C860968C60B40
          SHA-512:F448F746E110C66BF014A9797CA936518E441789D43C39CC96B2556D06B72DA2B77245E8A7A7C43AD54F01095DAB2039BDD0CEA96E80478518C46331CD5A7CF0
          Malicious:false
          Reputation:low
          Preview:nwQ-....d.!.@._.Z..b....._..:.]e.:g....._....<.}..d..`...O.~GR?2E..1..,Zg...W.7.o.J.7..H....}.....S4......4.W2.........a.m>"...5.=u..N}C8N+pG.m%5.}3...b{..8.e._.....=..#...f. .........6;.v?.[.~....'..[.#.....*c&....$Cx....:Hb]..m.;E..fN.!85...Oq.....S.p.=..oX...P...1.....V.'... ..H.F.:/.zc.....n.W...'..!Y...._.z....}R.*...3D...p-....F...'0...n...Dx..X"....i..W.E...6...Y*..".y.n.7.g7\...m.-.~Y.V..y`..g..$.r5.H?~M...j5^./.}..?.&F....b.L ..|....jI.D_..%.d...3....6.$D..b>....p6d.1.v......zz.....3.P.#e.....xO;d.j...z.......5.......p....kB.....mi.@........L%.I.,......T......J...I...Rx......z..R.....Hnea... .....l..+..b..G.'..."..-...P?z.\`&.e...,4.hO..h..-....^.E.)<S.,t.6<.^.=.^.h#`.<M...N......-.#4....\..2...'.....A.F..@..... h..m..2...=J?.S......'-m8...[m=...<.GF&.s....V..,W?.....k|J.....d..>.M.ay.T[...i.sQrJ-...<.3D....D./b7..kkh.n....p..N.v...<.".e.HC..B.DY...C......u......{...U..B..?Y...=.y.?E...z.....$...'Lq.BJ...++H.."x.&?....J<..

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{55ADD3B4-732C-41F6-B2D0-65E997EB834A}.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):4624
          Entropy (8bit):7.959418956919936
          Encrypted:false
          SSDEEP:
          MD5:F7301CBCB8829D299E98E4EFD6805F06
          SHA1:177999421BB22F7748636D2144ABDECB2119559E
          SHA-256:CC5D9E82C3087032386E4EC0A2726E54028FEAFB5DC6E7395014D09722D34C88
          SHA-512:4B40B772E2AD13B5C4E34D017E2FDC66580AAEBEC22299DC644429D44444BB3E4A83E5E47F115CA1FB66AEF36A0B7CF22DC42F93FC029116CB3823691D1EBF92
          Malicious:false
          Reputation:low
          Preview:...e.R/..Ole.K....T?9.....M.....~.....s..x7..^...WE...I...}.}...}G.....RYP!1........}.......U.0N..d.@..B,...Q...O..P.HQ..:...h..$2se...g.m..eZ$?..0.z...rS...x..h.. 5.V.y...n..[.'..Yt.M.`C..L~.?..........q..]T..Bn-.[Ur....g...........UI...c.....!...V<+<.J..(................J...@.`6.z!..F....97.bBL..\.G.....@.!...Y..8.2H.....v....N..{;/E.%........(..BMw..zR-............[..>...._.%9k...gd....o.Wbx...H..(k.......feq..-......K.@&g..*..V...Z...>{.[..B^.cuVs.^..E_.T.~..F`.`:b..w...R.@a.K|.a.....X...x.Q%......Q......f.a.ar...z[...ci.5..`.#..2.Cv..D.;NL...Z.6.,.>..<>`A.....A@`...Wk6...#|...b.x..6.....1V....%.. rA.g.m..l.~...C/.).,....I.....!.QA.}.....-i.#........r...R..1.<.`....p>4l.F.....i.e.$0.....r.D-.:oB.3r...`.).ar..(k....\.?..(....6}.R.3Bk4J+z.C..]EF..L.N6M._.?...IQ..HA..%.Qy....B......@..{..F.u.o4.|sly.'.{sv...&l...._...A.ny...[q.I....E.cM..A...i..,@..$.8..b._..L...o..Z.{}cA_M7.nY'.T.z9....m....f.........Q[.3..[.V.|....mwo...+..,....@8.

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{9307197A-0D77-4ECA-92A3-3237318DA242}.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):4624
          Entropy (8bit):7.962250442779043
          Encrypted:false
          SSDEEP:
          MD5:5054AC214108D2309440FFF36333C71E
          SHA1:4A608E7687872D1720066ED0512DF0238C28F673
          SHA-256:4137EBD374FF7DA8FF521269EDF359E54BFBE08DF93182E7D3BDDD7149FAC6C3
          SHA-512:89C0FFEC1A3D883D5AEE4CE87F9CA3ECF48563EF46BC9180E73E66063F281BD9EA66FBE3F64035EA0D771C9822032ADCAB9637A209A46C4394EDBBBE7D6C7BA9
          Malicious:false
          Reputation:low
          Preview:v..x.Nm.G.;.qA..m...n.OU.=..+.........t..b.3.8V......q~.O.....4rC.....v.d..IJ-..:C.a`.1T6..r=0......ob.........Ot.......U..d.w..H........H..........g..G........z..p~..:....{.;.K..F.U.R..LD.I...qh+......z.3]....y...9.T.?a..v../X......%{;......D..@.&W. ..w...fN.Yf...".xz].=......W.<....X..(K.A?=@h.]...K,m..K...N........]..'.aQ...a...0..o.6.../.T0t.m!.U{W...:X...PP...?....i..P...cbX.Q$......w.Fu.M.X-.u.....29l..6O...%..{).......8.;~S,.ft.... ..u\....RbZ.z.i0......U[K$.[.<......s..\B.....!7..C.,.u1.....[T........6! .K....*N....N3...f1....o2...;H0..;..2..{....j..._..y.S...??.z....^X...%[..A.N..F..d......I*....Z*........F.........=..yK;..p). ...Q....2.....Q...JKvQ.h.Xt.5..'.g<.l...=I.3.......s..j.o..eK#0..(.....MG..C`#..zb.....'..P...R..={.i...'.5x..G.2.0m5.A.....)>.Q....Eo..r......../.:....TG..M.Nk...q,..l..j..@T.o...x..tb.1.M.:0....u.)...A.(.....:B.pX...x..O..~.C<$.i.........U.M..2!.k.qK...S..v.......c..O.....>d.l1..!!3X!.._..L{~...

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{D0566149-B0E8-4BEE-BDFC-3EDB18490438}.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):4624
          Entropy (8bit):7.95596495615375
          Encrypted:false
          SSDEEP:
          MD5:7ACD4DC786DD37BDD730BF2C4C70BBF1
          SHA1:5F48E2BFA46C64451C7912C9C341CAA1A9344488
          SHA-256:D5C03F21E2CCF96D71529ED21B86638E72E1D6A271FA58F3D6B573EA0CC29541
          SHA-512:317973A3A35DB8A7C2E5946905AEA0FAF1233D530E5118A52FF5490C93AB0BDE89E98D38E7D8990998702500A389D1412289DC212C0424AFE4238477AA0C9560
          Malicious:false
          Reputation:low
          Preview:.....j..C".......-.T..E_...>.I...3Q.Y...yA.<|.P..'.#.2.J..Y.W... N.......m.R..[.E....A?..S.56.7F.q...........n...:._...DY.E..?.\.\.........wL*x........@O...+wV...%.i)...`...aU........].|J...[.a'.H.%......7......N.....E..4C#r.:..^....:C0.U.i...4....>.B^..8..](..A8.e.uyx...]_R.*..\tDFB..s.*.......,..A..;L...0..'./c.......`y2.....t.......3..|t.k.d'...T#K..P....C..%t...-.G..FI.,...........io..S...Ik..Eh.l..R.&...n................&.7.e.{..>M5VrK.._.nx<./.7..1.X.AtHcur..}. a.M...A.v....m.#...AD.....u..... H(.{%b0;!gA..f..AH..;...j..k..#.T.H.l["*...h..YEl...pZ.P...`.A.Ik..N..c1Z..l...F...gf.}M...6....&'.Dq.?D.W....+0{..R......-+..s.D..vy.....b.{._.IU.~.NL..Ak..GJ....a.l.K.[.[....}.j.K....j..".f.!......:.0.....W.p..-:....~c.P~...zRy.E..r\.s.;....D.......$1.....F...a).*ud.......sa7r...b.<$...l.b.cFxx..I..f....~K.....`.......'..;.x[....'.Ibb=vT..._........T.$... GX.jb...p{..bj...c......j.l7.4'.L.JZ.g.6.x,.c.O.`j..x4]y.-./.|.g=..7.[U....Y...#S.....}......r.

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{D1898DAE-6A05-4E36-9FDC-CBED4A1B0589}.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):4624
          Entropy (8bit):7.9550008748427725
          Encrypted:false
          SSDEEP:
          MD5:317421C886827BCD84A8C20E17628715
          SHA1:1E4B033CF23BC9FECB8083BFBEF10DCDADCFF5E9
          SHA-256:C8DD1624EA6C8F87CE204082A90847BF3EF0C0E03A6928F0764BE2FCEE9A46B7
          SHA-512:ED0EA8C6AC3351E512EDE80C68807955527C46C9F81D4A57DFCE44BCBEE78010E9E14A29B55BB7FD07F929EB344308F08A516532070ED586B18046ECFA9891D4
          Malicious:false
          Reputation:low
          Preview:.WRm..*`E_........B<....>w..N.0l.g..?...Cf...aKomU......j...@..K.K....X1.dz+..PR.fa<.sZ.5...\}.X0.......s!Y..-.x......L.{.~.|.'...;n..xZ7g..n.G,.........@.....T7...]B.....K...D....!...R..zSfs.rR.k..G..>.....8.Y.l..2i.!.../2.g...aS.E.oITzh...........Q......%&e.....M..F.y.x....$..@...MQ.l.. ..P6.......k6.n0...c.............tw..]D....M/.~+.Kf..z.XTo....v`...q..m....V.d. N..%.:qQ......R..qR.>...Y;..b... ....{.L..g,....t.._...'....vN..{c...2....^...-.G1PS`......`X.m.{.~....T.....O.R.T...tJ..h.x....%?.\.l."..`. .fBf.s.2\....&.....c9.......3.<.^.2{....+......}...L..cYpm....l.k. ...i.....< ....,*.&..e {..W...../z1%Xzf...q...Dsq&..p....'...9Sw.c9..6a.t..o....4W.um..8.I...u*..[..kD.f'...p.....:..(5..:).."x...<kd!.y..0zY.\...,X...PMH..R.Nk...)P]....t.....Z....$..p.D..C...K...vS._..!.]....|.B&U.Q.w......k"i.7.:.r.w.;G."zA.X^...zc.3..n>1..EF...8.A.....]....sG..[7S..9..>..`X.ffh(.G.a./...P.`aK^.[..[.. ...Z.I;.{..T...?3.(..d.[0xi.v<g..ZB...v9.-

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{D6BEF806-7870-4D17-85CE-E160E547F2EA}.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):4624
          Entropy (8bit):7.95863843036152
          Encrypted:false
          SSDEEP:
          MD5:0A3F9AC67D84A8FC2BF9A52065749068
          SHA1:BC011D33B3161B21630E0091CA7E96367DB639E1
          SHA-256:26C3AB2375E45FC1DC4D67875609E40EE5E9FC890FC96B5E47CA7B5CBAA6995A
          SHA-512:3FF72920DCC8F2C5D518C99BC740993FF722223872443AC55E691F2FB9AC769A66C63DCF86D1308116BF8348FF1B1FD5F921B8BA983F21120774E2BC880C3F8F
          Malicious:false
          Reputation:low
          Preview:...,..t...k@.2.xSBO:D!..D..>.A.M.^DF.f\.A.t.).%..g^@...m..2.......D.o.....e.@V\h....7.w...H........D....w.\.......X...:D..Ph}........f.).L.p6..,..-H.1....s.$..B..|....u.}.d.d..`...h.+[...Fu..\...1...)..Y...#...xA..!..6y].;..=.....+....@..h...1.. F.n.8.4.....]M...L.w...n...H.M..XT.o8....5I............R..8.b...S.......S..>.....5>..eWE..K.oo......O3...Q..z.p.S...#v......x...&......8...b.`...=!...$_bV...^.m..N.;..].....`...3?....}.w.}X.NT..c>cprh....&..g...T..i/...7..@=.?./.7#.W..UFc..........r.....[.F..=d.....\.L..s.0..+...&...3.F=....C....HZH#.sF......n$?..I.... .<W^.....#.He.a.06 ..o.8.a..;.u...P....2..)..C....}l@M.uH....\.)....zdl:.nr...(&p<..$.....xa.I=S,h[."....4\.v4R.;Q...\...4.J9V.r....0.G!...lO.1e.s.......~...R..I.j';.#2V=.IL/...(.r.............1.c.B....%.....u>.....+X..n...... .he..NQ%._...I.. ...xs^.?.......j..........s.]j......o?%.....u(.......j3.\.i.hU.K.TY...t..A.}.*...6%.Di.I.a.../..-..e...&.3..?c8...:.....l.`...Tm.i.

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{DBC0E4A3-EDBF-48C9-B114-4E28EEBE0BAA}.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):4624
          Entropy (8bit):7.958375160478191
          Encrypted:false
          SSDEEP:
          MD5:9A53611356967C86909F98AE8DCF841A
          SHA1:B2E90F3B5AF7931ECB5B18DED7158C20EA728ABC
          SHA-256:5ECCD07DE7D31697874C9D143BC9E70649E64CEA03E1FC027BF7DFCAC60F2536
          SHA-512:AE93D00E4CC277DABBE0394E34F58D4C6B143180BAB59EE886B011D18DBEA61915B1F0B8B4261DF273BDC07C4B42301B5E0E2BDC5B5770F180D5ACB662014D89
          Malicious:false
          Reputation:low
          Preview:.X......h|..l..+...T....mlM......^Qb.....+H...8.C..._..f....9...../... .....{..A...7.:?Ig'..ey.C..m..........i.....[..9.Y.>@..4e.cP,.Ks....@Kp.:..N.".OK.m..Y......X..5|.3./nGI9...'....&lK.AM.O.Y....2....n&-....g9y5.dm.6..^<J..F...v...6..A|..El..6...g.~.X,....ev......1..=...I%#..-.$...e.....G{t..L..Q.wE'......m.#..)...L.I..c.>.q./....y.!.|D..Z.N..S...Y;f.*..Y8.1..Q.1>.#.....R.J...{[anN:.&D..{.'].P.....f'.......-7.!...o........2.$..v`....'...+....K...F$..t1xcC..........H.2tmg...B.Z..gu._.E.H..-d.....c.P...r.J...SB9/r..0s.yz..aB...eSN....yf...DNS.Iw-i.a.......b.x.i.74. ...D...w3...:h.|..{.....j...~s.d../b'....,.S2.J.u"0.w.E..5F'...>...Y...Y>L..S}MT.=..bL....6.u*J...:.........Z.W@..w.`.....a.)4c.j...(DP.....O.3YS...Y.nX..JG.].o>.....sp@......AB.Y}..^.]........o.....r...Q......K.Z ......_XzNKo7....L|s....Uhi.K.....*NY...].8t.I......Z....=.B\T.~{...d..e.O...5...7!._....O.......g.....1.W.. ...tbz[k....`n.S...j."]I....I.8.......O_#..~..X^+

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{F985B53A-55DE-4CBB-8FF7-E1983FCDCABB}.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):4624
          Entropy (8bit):7.956284681467887
          Encrypted:false
          SSDEEP:
          MD5:D16F5BA56D2CC1A2A8C345C0A027E86B
          SHA1:43620AE97B5D963842DA9291FA3714212DED4497
          SHA-256:B578BA24A0DB4E4829AA2F3DA2D6F1B7424EA7E052DDC855E4D28F35EC6FC039
          SHA-512:3E3B83CC5CDDFB3BDC76DA74EE0655517B14D1EFBDD491830970360723CE01F5B76F37D6C5F99EB0D293D98AE90C278FC43966168A1C0E65FFC851078750654E
          Malicious:false
          Reputation:low
          Preview:....R....Gu[......GT.d.ed.B.N....:*j.n...._.A...N.I.L..../.9.2...z....b..s{.z{..^.b'q."gL........N..o.._-.d.....qx.............1iS^p.*$$#E.r\.J.&.9....:...r.!..`t{.{#..v...."..)OH..3......I,.u.8u. u.72dL0.{.g.l.J.^..1..O....b}+..*....~.]...Mn.......\ .....qbQ..2#....vd...pG..,..1n..OTr.[+...jj./9!]N-.......>..y ..%..G...\.M..I..E59..XK..f.R@aT.da..Z...q.A..J..v.^....)..`.j...2{...%....oV<e..i.r..B........5...z.O.....S.h...Q..y.!..5..c.k<tT..X.R: .'...=U.s8.e..Q......NW...Y_.a.;.....paxyE...D....f.T...9....N.D...XS....Z."L.....!|.Gv.....7.D.....,..S......O._sol.m....>....Q.*...u:.....N-.s.y..{.u.....S?0....2#..Re{.(....3L.7...R..~..e.3.h.,(}...[.. NK.....bM...rc.A.rQ..X.6.5+.6.D9..~.t[.*....e.../P(..P...i.&=~]...mOUE...oI{...$...<...Go..e.>e.....h.U..`....q......>@OM..y...Uk=...es'/...,@.\*C.b*...R.."[1.VzT..1....$.}...q0.G%A.D`8.0v.... .Ya.[.!..O..Su.o..-..p$..{*...xOP...y..L.....2Ju'.w.6s3!...>:.d..W.).).j.:*...c5.CU...[.+0.gLJ.;7^.%9..P..

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.980706937399714
          Encrypted:false
          SSDEEP:
          MD5:EB230277761CE8799B1A7F980A96DB82
          SHA1:96DD27A377F04726803CFABC963A602DB0AD9A0B
          SHA-256:FAB3D8DB5AB3FE6DE627A34790402A9F5029DA430ECC8E0EC7A6346EC4A82381
          SHA-512:5125CE7DA48E110577A8FE405CF126A6BC92F7B232FB5BF579A5EA4421096D8526F8BE1AFAAD48C024C2C330FF603C7787056BB576B2B6148F89961F60EFC9BE
          Malicious:false
          Reputation:low
          Preview:....I...vy...}..`...1Pb.y.S.M9..*J...?_......Ym..Q&......}W3......(..gn..|.`...@K.t. 4pe...5.Y...{.wl7]B .g....f.Mi...'..#u.c0.H........... O..t)1%J.V5.\$...O..O.I.y..O.lm|....i..x.....m...n..Xi...v....P............UI..:b..}....+D...I$c......e.....F.3.@.....iv7Uo.....L..k.3.s.0L..[..|...t....?..2Tf5...W..=V.....c....M/.b...w..L.IC-.m.P....'..!......9..y..|.H.M..L....N.k~f....R..:r{....>..(.f7.._....b:....$..i..+.n.J.........\.YxM.)...H..}"Dk<..[h*=.Yhq...>..2....w.......o.......J{...bsh...1........b...;..H...G*.>=..wf.....5..{.-.#.9.z.C.X.....m......61...7.RYd.}.F U....?......*\...x..W..P....c7r.<.~.:.....K...{...?..."..P..?!..A..[.X..T..i....k.87.0..1"E.......`L|.U./...f..Dz.U...N.,.L,(...A?...;.W..g..2.....a]..S....3p...u...B%.#..t. .b.F.2....k..U...b.0.!2.}H.J.]cA.t..r.Ut..`..x.)..d., |.@.oh....N.sh>.w..$j9A......'.........]..qQ....'........(S.,.........7..E%bY.f..8|B..?...*=}4....&0T.-2T..{....^k....X....p..t".!.g..J.... .Wq...D...

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.976444365810628
          Encrypted:false
          SSDEEP:
          MD5:1BFDE10BC810C9FE895A6E404F11C9E6
          SHA1:18715975744BE59BC16E83DF8FA19F48C58CBF19
          SHA-256:178FC442074E504BBD4478186E6DEE15B6160BC476130A79E4802D437EEE5EE6
          SHA-512:197DF8CC8A54B9DE9602684A03C0355178BA2144190C6DA69E1BDF430FAF1035121DC8B4679AA5093279E4970FAEB71FCF59054406ADCD1C575146754212EB40
          Malicious:false
          Reputation:low
          Preview:K......T._....4.P..w.J~`....%.j.....#..?..K.Y...0.{.(f..4Z.gCMp...w.....kF.~......)....M.1m.E...Z|..."...ZV.d..\6..S...\.1`.....]..`.B.B.%=n(....Bb..,..T.<.7.[.X.Y...%~.GW..z....UM.p....BI...L.|.Q.xHn.C..X0xa.).#HdJ.U..;D..!xY8P..G..Q@ja..y...Kn"@.~.:..)......\..i..%z.S..}.u\~)C..?..5...8...PB..Xo.k.s/q.*..z9.hCE.K..MG.5.V.T...R+.o.~.$....P...@......Iiv.z..&....wAX..1a;....d$zB...M4....L.......?<....r.. C.Z.0................x....d..,....w.#....[.._.jR..W?..$V....K".t.$.w....q.EI_RZ~.y....E........b...b....h.....?.O.....1..J..y.\.....;.....av.T5.9..S..C\..v..bU|.7..KA&....aL.Kv..\|O..+...&.5<..^..*.b...P..uq6.5..SE'...N..;.2..7.........SK1.....l...]c.2..|Y..D.].....)eaQ.&...J$t.z1....cr.Q..1i|O[...2..~....{^.]......l...%...3..9..:.).a?...n.<s..........I........$..}.@o!.;..e0.oU...P..C;.U...G.y.e....K1..'.....`.......F.....7/.a...(2.......9..o.r..1d.GQ.x`n,:....,....$.KW..5.R.pm..@F./`@......r0..6a.8r..,..kg.p*.ZZ.L~..;.....8..:L...t..4....

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.980670508567313
          Encrypted:false
          SSDEEP:
          MD5:1494017C2E66D5CBC916D32F0B198B0D
          SHA1:B73C210216405D1466C4756AAA28DA20A1BDD769
          SHA-256:A0ADAAA501AF8CB27A6B2322D690F6191198F4A340D7B17BF77A0FCC3B7637FB
          SHA-512:60A291CCF801789DDEA6637B072374BFA7F6AD6976EA9295BCCD095356E678069544B9E65A3045FD3BD2263BACDDDFFA63781B7CBAB3590A8EA3BF971929BB50
          Malicious:false
          Reputation:low
          Preview:.[J ...S.M..W...e.|.....$.h..o...3.M....$..O..D..J ....R.=.7.`.W\U...g..!^.. w..8..../............!_......=.."wG_.(qp.I.b&S.A..Cq=...F..$..l.4.G...+.k./T.....R.)+.O8j.k..u.p.U.....g..............;IV:.yj....[..3N86.C+....y...0...6...........<.8?....7v4S]....i)tV....lM..3..'yf..e.@69..f.%Kh...^...tey....M=.+U.B.I.<.....z.Y.Pvz...ic....#.....$..... ....@.*...1..B.....x...l0......b....trm..L....C./G..K".7E..x.;..T.a..:g.....+..`.^.m.9..jq.S9*R.S.P.(70E..._."1yh....C.n.x.....H...R...{.R...7........`...W\.n.....q.@....w...u.D;..v.....(..]..P....E.y.7...Z.>..? B<....AZl...B.C'..iX...T.K.Q............q-...ZZ&.Z....y*h.\.=.._..,.o.S%...lY.V..hW...6.U..u.8.7p...m.......F.d.......N.wl.J...9.?..+ _*..]....}>....pM.r,.....h...T*V..........y..V.i..a.K.....d...Q...`x.&...........0#T.o.r....Q......<.?mY.[.t....WZ...#K......7.&./8ND.c8...{zGhC..)4*......L{Al>...se.Y..}G..E.@.....{.|.O.4#..u...D..=.x.*1...Y/.).^..?u...H.S..'=1..u@..Y3.Z.....tJZ)...s..B..../...l

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978790209242813
          Encrypted:false
          SSDEEP:
          MD5:53325791001DC2F934FD5AFDD45475CF
          SHA1:685DBC16C4EB66163E3C7F11C19461C9D2466640
          SHA-256:1FFB83590CD22C5E15215353CA4105F7601FD1BB03B3C4B1DEDC9AF49701F868
          SHA-512:B568F30945EBAE3297374ED28CA00E74BC6F6BC7159FFE379386D70328908082E2D6E07D7F7B6C6E01FFE5C32D3C3ED64C9CB67774767392436C002D34FA2222
          Malicious:false
          Reputation:low
          Preview:.(".......V_....."m...V...jf.ls....Hm..[.....$..D]...av....:.k[.+...SG.......^...7.P.7*fi......"..Q.x...`...`(...ng,G...Fk.t...A..]]..A..e.c.....7HC.p.\..l........N.dc$.&@...)..f#.d8..}#f......1.R...A..N..1.Z.S..PI...m...........2...o-.?..no]m...x.i.H..4..'. .pI..p.....n.0.....*Ea......_5X...4x.fX.%...Q[..bD....%Pf.|..x.=.EZXV...6..Yc%.}.. ."........P....1D.3..........w.....B.0.W_...}!....L{.,4.4v9.7...1I.P.),..l.,.P.w.5.....yc..0b....n.m...g...66..o4...r....2..T...bZ....b..y.~9U.;.Ds...8.7.<....r.86EcQ..m..\......d...oc..T....".v.......Zp..+d=~...O..=.A.....e.P.R..kG.|.6.k.T[.U._w..Q.U...tt.^g+....%]M?..v..[.. .0o45cK.......].......&...f.... ."......a..?......k.;.iHkwUT......{e.........qW ../..d.%....Y|.m7.0...7h...[......qM}.V*..p...<.P..0.o...e.UgB.k.#....m..;v........UPm........j.b[}6..K....IGW..G..L0..B.o.C!K...w..F.]h{.&.1i....p.}..#..h..w.X.......g.f+U.7.5&D@...g....@...H...S.c..]k...-^.9....w....n0Qa...v...:.$....../

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.976025182754492
          Encrypted:false
          SSDEEP:
          MD5:2D9E892DCCA483C8105F3D34179A801F
          SHA1:6780B842929FA5AC8F911524B367872FEF92C5BE
          SHA-256:AF25459D4ED156943139D7B0A651A3492ED50F49FB5F6E3C7753167B45A13475
          SHA-512:4891E0F3A4E0DC36F74364A2B8B787130A66F46CC4E81D8DD66A2CC59E6CFF949970F2E11002DBB51B88FB4EFD569CC2ED7616B04BA5958F7B34AA1C3C103123
          Malicious:false
          Reputation:low
          Preview:..T.:G....c...N..D.8V.+p...G$....>...G..7%].....>..(.D;....r..8.P.ke.X. ...<..{_...."-.....s...Dh../..HO....<)i......OQ...X...Z{-..u.GK.+....M.6....r..../....z.Db...Eg.[._...f.G..9p.s.....2."!W.]...a..R.... .@..-[B.l..R.z/.o..F..`.sV...WG......*... S5!cO[.[.].t........7vl..3...?G..c.:.$.1I4....^..}.J.C.5...D......r|..l....7.........*6..4...E~........V..".u$.[.{..F?6.G..F....E3c.....H6...I.N.E....&$dA.:....??.......*{w...W.$.F......./.BJ...6a. .SFSL............ta.........C..AWz..Z..4*}....=.K.5K...V..Hc .r{..vW...9....a..R.D.......cZ...:......a..#.4.g.r.?{)J...Ft.c.........Y.x.~...w......}.........$..ay..BN....d=6=S.....J..~9..quA.7..Tu../.F"...e31B....x.[..r.@D..gYdk.8@"uD.u..,.Dz...`8..~;zw.*w.F...Vzc.He.....@....#....%.o..\.".w...&..%.o..._.3V...GW..@JSFR6.z.R.....8.c...b.L;.~....".H.....)...f..k.6.r.....5#.V.*.y/L=..Ny.......5.d.t.C.j%0.^..x...@....7+..(...QUL...Y#3".~....|.U.......F..5....D.ku....z.!o...'Q...m....FPr..

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979782320976436
          Encrypted:false
          SSDEEP:
          MD5:6462080CF1FE29E0ED4469465E58FDE5
          SHA1:E0735BF84120F029F3D42C50A59CED80A478D21D
          SHA-256:E4D41C12F1F470945C7B16EAD5E51804D461CDE935BC50839F083F5CCFDE4E46
          SHA-512:2842ECEA4B51B8F51FE0D227B718472399103EB9969EC5645DE4FDB9A4641D9245F2874B6C5EC9232F25A804EA5F0E83CB8FA5A7680796C1449FF315ADDDC3FC
          Malicious:false
          Reputation:low
          Preview:Ig...KK....^.Q$./......B..Q.@cc\0........^X.Q....9/. ...h.H...?.q..o.*m...j.......T...b..YE.n..4.s..1.Z.j.!...O.vK..y.\.2.....I..Fh.C.(...I....i...VE.........j.........m....(.....Wv..W>...w...f6.....A.xb.y.....E...F.....K..$...mHO.*6.&9..}..B/.Q..>.$3Rp.{U..P.V.h.0.n...<QW?hR..."o..".f..... .)...+..%6S.3..(....&Z.KJLn......EoZs.8.....;......"D..4J.....9...c&.....7..2.U...m....]......X..:....L}.|....F........]..".t....H].....I'....=....'...+3..v...cD...{.........'.a..M@.]...#..x._.h.=.'.C..P`dM.)...`.'...i..|u4.[.JP../).>...-..Dn..eF>.RpG........8$.e.vn).y.H"....Q...C:yKN..m}.`$.qW2?.5$-;.).3..7&QQb{.3X..!.m.,..q;....;..]@.!.\..H...Z.Ra..`.RW........B..B-.t.....0..+Ci.......k...8..!S._..`..Q ./..r~(..Cv.'.>>`./ %.i..Qh.p.,$.'p.....?3.4i..n.0j.J....t7k.U4..F.C.!\.o.....i....v@..W.q.&x.8=....2......y ....<D-.j.....D....o.|....00/......S.o.o~yi. ."..%7A.......z.@.0Hsd-5z;w. ..g...."f.\.WaD.O..pU........2.Q...Y....G...%`..........,..Q....

          C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.981291998442768
          Encrypted:false
          SSDEEP:
          MD5:2B005B845B76C9034AA6C1E374B5AF0B
          SHA1:530ECCDFA8A81735D0A92A667D6ACEC8F8173982
          SHA-256:8AA2FECB3960ECC219B05D41C2FF270CE6E62D13A16B41613ED9149172F4E1A5
          SHA-512:2D248CF39B320FB5F9F2476F7F5D138BD61940642C465B849E164740D880156FFD4FD82C581062E2D372714048959702E012505E523DCFBB8B7CE50E2128C206
          Malicious:false
          Reputation:low
          Preview:.'6....r.&..L..f.I.a@.gN..e.....W.p.C......eH..h...v......_.9....x|.>,.6.~.....69C=....e..T....h..8}hn..X...a.....W.....A...X..ths.7....L\..0.r..m5.$.....]......F..Axt8..d...9K.r.......,.uA..\..j.k.v.#.....m.8..e..c,.b..qz.....f$8.%.8..AT..V....s.....S.V.......-k..a||.tD...5...HuaO'.7.L*...1.......y..$..sxxx...HH..$K`..9....*<.A.H...k.G..]..|....4.h3.z."/:..6.#~Y..4.....f....p........,.E..9...WR...m........:.9..a|..........|.a<K.f.f.".9.}...+.Q|......m..G.d........f..2n.-..[C..+.../..S.E....j`..\s8]<3....2.....?.cOR..-..U.... .y6.HSZL...Z..O.J.v..q....n....5L.V.L.....Z./*..k.....c....C..6.Q..5iAVWu.._T...5.......?R.S1.-..., ...~[qE..$g%.v..C;'...6.8.F8"..M.O..G`.M.......=.......c#s....9O#.;`..,.t.F.....J>...T....\R.......(.~*.tKHB.K...gMu..'P.b.$j.V%...b..rlZ/.F.............g.<L..~.....uPN.4........{E.._.*..$..}j.....a..7 D.@o9z.(..._.7Y...G$..l..o8|2.A..y..q.$..4..iB.w..i.Cr..0~.H.T....M.w[@3./.c..j....f.|l....T...............0,a...-D=....

          C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.981399637655739
          Encrypted:false
          SSDEEP:
          MD5:FDA18030DBBBF1C791C9097DB9523805
          SHA1:E1D711018D5EF8E7C7FFCEA02E040C48BEB066B1
          SHA-256:DC3378DF23084D40418278EF03D5FDA663C7150873BBC3A29E2137664B4CA3A1
          SHA-512:4DF9315C490B5F9F94DD0EBEDCF54B9A29A9FAD17B685C75C8087E723ACE0E49456746A62C0AEFF9D1CDD7717F48AC77CADE728442B6CE55011E84A9C35F6BD6
          Malicious:false
          Reputation:low
          Preview:]..IaX.......i.F....?C......P.Al.vOZ2.....HY....eo....ih.VJkyz0.....,.U..0.T.k~........).\..).QH.F..DyGT.N......j.v_H........t...R`....:.d..m.E.*...(../.zdW.T..">E;x. K..pW...&......a... .#...?2V.;:....~..SPL6<.?"7{$....=.....5z..8.!g.v.:xl..N. ..\....*u&....}m..-.Q......s...B.#..2.....&A>........(ycE.D..?...@/.:.:J .9 _....tq.%q1...AD.9......+dt.4.o.<..J...i.zG.H.`&....hm.^L..E.h....."...L.)2?.{.....3.m*3i...vm...}....Z.....w..=.......gZW.?2oB..K%^..%.*.G..`0Jc].8._~y...F..^2.~.+..u..;..%&>.........`..quI.ad...S>Tm.CT..!..|.m,..~k2.3..;...kK.d..9....._.M.....^<....%....L..+...P.d.-fo..H..P..M...i...j..5..d.NK.M.W.(...<....1x..z.R.a.X.=........6.....1y....`N...m..=..n"./.....M_.m2..z.....[..&!.P.d..v.FQ..P..P!..@[.uN....2Q.1C....!E..?7...[.....s...E..C.A..gWFFM....6':.6..p...?..+.U..AuQ..q.t...V...r.o...7.^..n...).._.U..u`..~d..9!19...W.MyD.....?F.Z...Zn.l..F../Y...m..+t..g....".,.Z....u ..Y..X._...KtV+......i!H.E.......G..C...F.......

          C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978803869569539
          Encrypted:false
          SSDEEP:
          MD5:CA47464E803CF9365205BEE36F42DFE3
          SHA1:285A2C25D6514E082CD9E7F45AB49CB36A24FB3A
          SHA-256:FF7071103DE56F50E4FD4617EA0B0B20934FC858D4299E960601A41B9B7A08C7
          SHA-512:BE0A4DB1A44952096460A1DA75D7209539E6EFA18882611AFC16B4BD01587D5D64BE52E3757AEE0BEB5EC5956963DA935173EE8C8995603989C0429D6267150D
          Malicious:false
          Reputation:low
          Preview:....5..6..6.3."....|.G.1K}..s....kraE...D..^..`.5.u....;.....y`..`aM.7Y.Du....t.:Q,&.oO.F..p..g.F.f.....{|..*..T.....H^....P......9q....^...[..@@..~4.....i@[.^..(+...f...HV.\>k..p9i...#-y.60.`.....J..,M@.J..H.,Y-.f..I...A..X.,x.....].G.....5V..vn.....!.bu...~4..U.....#.P{@.7]P...Or..za..5...q|.......:X....j*.{n<%].Gp,.o..tP.l........z.....K.3.R.I..S..Y%9..t.K...H....K\o.,Xu=#Y2R...?......Mr.>...^..d.j..x...a.....w...$./.r...l2.xy.~.Uo..4.Ij...Sgc.9.*.......>._.TY\...m.)...?~..xv{C|..W\w{.....`...G.*H.Q....B4.*.n} ......[.*..DT.O.i&5..<.I.;.._D:{.$.....%...|.>....._.v..zz..ol..c........[...ji._X.M..gc..wh(....h....b._<.q...v,..I..l...T.W.`u./:.s...59.Q.lU...y...&..n.PG.0....1z$]f.4......G!..olk..:Y..9Ob8.i..viW$.q....|b.._.Xl<......SMq......41...vl.8...9X$.y.....!%GY..:.[..y@..]p.yY'<....B[DAS'Y.... .B...j@..=%.......-.\O..P^f4..f9n....4.!X.+T<..."r.[..i...kQ......(nI....s..'..."8.?>.T`.<c...X..yV....F.8.\...h~.!5$^.&..g...Q.k.

          C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.974432403136335
          Encrypted:false
          SSDEEP:
          MD5:9AB1A62C873196DD7D65DDF12F3CB075
          SHA1:0EBA94D8BA7B5903172CAD63249357D67701E17E
          SHA-256:EC2DD6A523179B10343F17E5DF8EEA35EFBEDC983E3CB53BFB25AD2C7EA6DAD2
          SHA-512:81891211292433BA0A40C767F93003981FC042EB4465F65869F3330934541297CC0451D145BEA03570B1297F92C5809E96E8B337FD8B458C0B3C3C662EBEDC63
          Malicious:false
          Reputation:low
          Preview:....O....j.......3..?..$.l..9.y.r@...9..a.o..b.|S..-&....B_....Sh......9.|.... .....5$.1.Z.(.P..."*.K?...xn@..M.....f..+.........A^....i....K.r....u\.-.|..K.X.........gA$C)w.._w.z.Cw..Z.M..-...!LX...cJ..|..T.`.>..69.WO.37..D%%..=.4#f..%...QD.%.=....I5AS.; ..S..>:u....mZ..;`.C..~.....o.).`N...M...6...F..L..F.C-..$.~...A....q.g....&..Y.h.j+V..?.%..n......Mo9-.......t.....L:ZR....>..\?o.l.j..0s..H.>p.v..M....V. .sQI.g.........f...F..,I....$a.....'...g....].kb....+0..S....R.MW.}1rH.S.)......6.<B.....IX......./d$.K...}.&.L./i.}..L.<C.3(.p...<..P.Xx..|....-.z....5{L..VNS#.p.............o........".si ..3+.e..$....n......h......C\h.d .wf.....'4<b..4[....7..@r...(.#.'...6m@.L{1..m.^.6z.[VC...<..D.aVN.z.f5.^..]B$(..7..b....Yj.......B..g..{W......P0.j..H.....6.L..|.e.....I+..}1..75Vm...~-FQ|..g..C.$..]{..zF`fk...X.>A.gf...TE.......T...$.;NdK..X...f2...i.!?.x;..)....|..SJ..eY/"f.P.%.y.z..7.>"...'.9...5..R...G...8.."..4.4..w..B.H....Y%...~1..?

          C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\LocalState\DiagOutputDir\OneConnect.DiscoveryNotificationTask01_31_05_43_56_6413.txt.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1824
          Entropy (8bit):7.877309457792446
          Encrypted:false
          SSDEEP:
          MD5:ADEBE023234666C117634A76BDEFC744
          SHA1:EFA0176768AE8E309173C6273AB57BC204C0817C
          SHA-256:26FC385D353F01B0BA43A419D253722D8D82A55D631BFF558502424308C4B5F0
          SHA-512:F2B203C3A09C041DCEB64ED3A48BB9E219EF7533FDE28B011E36908931A52176FCB31FFA91AFFF6F33F2CD17E3D5064B1A3603710F56716DC80FC8A1B64F391A
          Malicious:false
          Reputation:low
          Preview:...;F....(.....!....=...RR(>..5......Hz......@..0....G....rS.}.6.Z"....fv3]Lt..{.^..*?.i6.%1fY.....J.....XUU..,m|..V..... ...I..l...O...^I8m....3.?.+.r...Jk....e;W..y..>..K.|.[..b....|q......D..Q'TXB...,b.x.]ZP..H......a.....P.N....9.....V.d.......bGS.....Leq....D..G....f..G.g..G..$b.....g..:N..L..l..*."2..L..;.r..p..Pq?.Tw........<..k..H#.@......J..S..M....h....E.R...../.....h].j>I>.*7[....{e.i.l<..........*Yd.I.W'...#N.k...........4,...A....._q....0S;....z.LM5#.....'U. .D.b(.P..SRD...RH..4.......G..~..U-..c..5.A.-....._...]..X..3....u...-.q....o.`N..]......P,.X..o......Z.\b...}.........)JR......(..T3(....*...\.(.e.c!....D9...0...n....w$#.#g.?....a.y...6.o...o.....^bD].Y..U..C\.T..L.b..l....b..._...i-.wH.kM.V.{.B.`..J.x..1m.q=...oe......O.Ly......9..z..*.<....Gl9g..@;.7...d.......T.|.0..9Fh..4.[.${..5..6...>+4*S.S.\."..e.....ZLx.. .c)........=_.(.....7.........'p.&yC.+...F{.>.u\.\....f.?.C...f....TjRM........... ..FWD.k_...u5.7.

          C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\LocalState\DiagOutputDir\OneConnect.DiscoveryNotificationTask06_08_08_37_19_2360.txt.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1824
          Entropy (8bit):7.896356925784057
          Encrypted:false
          SSDEEP:
          MD5:D767AFCF699D01B978476145A74F52D6
          SHA1:73FB5EB56D78EC18F4D3B31B59CC751034CB26C7
          SHA-256:891E58100AC24AD7CC9AC64A4DC82DAE3BADA00C6D7A733B327F390800AD0269
          SHA-512:33517C10E2BA9CF1A77891803955E1711A728B169173AC704ECE5F54C858B7DF894B9F84B3443E09ECF675C8BF573DC0C3BC83F19B376251E71CAE873CC2BB19
          Malicious:false
          Reputation:low
          Preview:h.,>.3.\..V......:..6.c........e....I...="y.../.A..6...W`s..7.5..K'U....t....JgL.l..r3..t..G...e.E...'......<...#T....A.XM...m1.I>&.Q$R..\OD..k.hi.zcZ..0Bf4.u.7.VV....M.D.1.*...yi...^...(..T...,...Zt...O\........%\|i0.C.IR....o..H..j...tE%..:.....,inM...<x..^..@....WOjz..._K>3.d...G.'{....3...f)..k..VL.fvhX.....<3...=1w......;..$..SL...sf........\.f..%......8.a.v..r-..WrL,.......&...%..j.f=U5.w/..c..a..wIN.M(.^#2.....=....t...F.3...o...K.....u....QI......4....2.r...[.`...g.z.....o'..7>Y...D..W..J...O.D...z.j?....;[..@..5...O.s....v.G.{sY.....f.........r.....$F@....s.6...H.Z......s.Cr..}..M17+..|....A./....~r\.7....i........>$n.Q.Xo.8..?/.....x......E.4..r.m..]O..".}..?".....n.8...}B..`..~$5.....`*h.PN0.\.....$.f'...$C..\.Cq6ZR@m1...@..8EfBU.M.$....*...)...n"../...Y....*.." ..+ ...F..y........x...V.c._9.S>.9.S'. ..>.E.q.F.....+93.c"..m.`..o.._.)j...So"Q.K....L4.....f......g.b..!.#.c..F..C.....M;...d...2JKl....@...%..O.n...3..l.E.......,...I......3

          C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\LocalState\DiagOutputDir\OneConnect.DiscoveryNotificationTask08_30_15_29_01_5794.txt.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1824
          Entropy (8bit):7.881743109177744
          Encrypted:false
          SSDEEP:
          MD5:1F8B14457C7EA70C1D9232CCAE064021
          SHA1:5FBE28DE90303DB35C0FCE1D37AECCE18A2D7B9D
          SHA-256:66B7C402DBBB45CD25F5381594941D5D0044F0FDBD4F607C761A80AF4AD53195
          SHA-512:7F1DFF6F096C33553901538B6BA68FDC4B08C11818F76523A2FC51CE2CD6BDA30AB7FF95342D406846113CBD5DE1A4805EA9A8ABF6602311ACCBFB2D732A4569
          Malicious:false
          Reputation:low
          Preview:W.U\h.T.M..j.... %:....2..\...D.o...L...T{G.}.....-.v#4.< ....f.n..cK)......'.......f@...W..P9...9;......A+E.~[.\..X.6...2...3.<.).).(g.\.....V.,,b$.r..\3F.....~..{@.o....T-..m....0...3C..'7-ma.c..IU.VS.+K..q....&G..9`>$E..."..__M.......K..4.G...O.h..2.@m.l.CY>..l.1......Hd{w.7v.o@!.....^.......dJ..3.......q..R..i...).?r0..j{.U(....2Am.f..Y._..E.].u......j..SM..q.e...w.9."Ud...-.-..........6..W--.}(.,~...2.0@..=...gW[t,...+.>O.t}V.d...yDF.|5..&Zo..Fd%...........?t.>.k...\C....Bb.s@S3. .<.........'+m....o. m.XA....D...[EO.}9_...c.B.C...}.. ....]..r...c.............Vx.w.`.Lb..kr......E.....s.P...TG....}E... ...7....#....O.H..o. ..fG..bd...T....?..r..9...a02...p*......?...X...ws.r.<8.=..v.z.....t.@....[.U.D.,o/mI.o..8o..0...3..%.$.~H....a..s....(...Vl.s..[.*........w.2...,......+.~........k...+K.\.... ]&{.h.%m....wK`....4r.{.....L-d&..ix.....P.k.....R...z.....q.U[.(.[....r<...G0....a..H.Z...k/.H.t....h...!(........tU.1h/G3..}..5.

          C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\LocalState\DiagOutputDir\OneConnect.DiscoveryNotificationTask08_30_15_39_21_6523.txt.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1824
          Entropy (8bit):7.886553464356242
          Encrypted:false
          SSDEEP:
          MD5:084B6184BBC88EF2107C9475FC7637F0
          SHA1:302D288851480A20CE9A33C6AFA13FC35ABD797E
          SHA-256:801E8685A816F207995AA6662BA1CC054EA87AA945BA2521B76071B6C5C9DE11
          SHA-512:D0CA554405F2DBC651C4D60A651A2661AB6A5A404647D2EFF455F1351DB1B9CBA86CF5EAD9B512F75838B3BD340FA35A5A59467A7423977286A1C5AB53D0E86F
          Malicious:false
          Reputation:low
          Preview:.....n......4B..R... ...Q...R.8.....U..`.p.L..........U.............k .....W.......b..O1.?.._.o...b.....W#M.e...e.MU.3......,:..E Pg..........Df.:.)^Vn|...i.....GGLE...VL...+..I.?......X..<xJ...o..@TI.<.<b.@...+ 9XXa...m.Q.E.H<......l.I.aD.tl)E.e.J..A...d+..+\1...tE...1..9.}3..w.]<...dne2!..?_...Pz...A..-/..V..._L...^.7H$..x.DF......'.D..%.....N^..f..$.[(7.....u7....!......P{u&..gH..c.PI.o.Rd.Z..6._.......ZI..?.........uK=.0...He.....9..g....?...i...,!.q...H.Dq.Y..j.....p....Q..b...UYW...`.V.;. ..7......Z&..P.?A.N<..=..X.`.s..w.l......}......J..\8....rh3....i.`.....E...ld'..S.k...K.x.OqU.h.m..hv..B....F..(.. w.%.a.H....L.t.F.&...2.\:|.+v...,...R.d..Vm..WA..r..lTZsAG.pC..D..o.... ..=.......>&..!....d...uc....{.....5..bu........q.v1~..r.lp}...#B......Z?....G`+C.m...>Un\%;e\+...9.Mw=.....K.G".7.\8`0.U........n~h.Y.3........D......\o.....qD.V..H.ol.A..H.n.9..iO<..X.:y...XI.o...:.}@..b.7.........o..#.I..P..t..../.x.-k....~)[..&.I$^P..`.`....E..

          C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\LocalState\DiagOutputDir\OneConnect.PostInstallationTask06_08_08_17_48_2373.txt.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):2128
          Entropy (8bit):7.9176564734328085
          Encrypted:false
          SSDEEP:
          MD5:04C451B00241CAE74077D66F5FEABCC9
          SHA1:F4D77D49314A88459086D64BC6F6BD8EBAB267B0
          SHA-256:4D3D37C1130651638477057DADA81ADD8EEAC8D6449C329194CD2EB9F7C431B4
          SHA-512:57BD4D4F402283E847F868B262BD291E045B6C081A22A373DD102F30FD2B326F131DC317EC4363E60C2C461A892210804DF0FD8EBAE60F8C454FCEDCC73984EC
          Malicious:false
          Reputation:low
          Preview:.@=..?.[...i.......G.!~2.]+..@m..B.jN^4/.....O....?...o..!.5....O...t..41.}:.=...NyG.Y.98..3m.....].Z..O....-..u.z..d.cUL N.%.&..l....j.<...~.1D...d.......}...,D..v.....r..aS...OX.I..G}..k=.R^.5..F>Ro.....r..a.j}..%..-g.'./..0.3.F7...v.m....(D..=.......*ie......R%...i.Q...../!.x..H/G.v.+R.y..2.=... ......n...#.w..C.0.Y..6 %Tq..:...]...'.4.<..i..K.i.....x...`,MI.F./.;../N....Y.H.b..........J............{...~......Q.s.@......s..#...U..R..yif?..XH...]*...W...+.X....%%.$.yB....1..Dg..6..bR.&....}..:...`...b....~....a..L.q..#..q..rd6.E..ZK.= ..............w%.v......r~.Z..F..:T....... ....*w..W2.....#..iVS.8.Y2........:....@O.)..4.f.XE...o..BP....`.'i..=...i.'.:...$...]...i.U.A9.MRo9.|...;...t.1+..0.g..`.#O..M>.9c~..bOd.I.3........B"x......G...*..[C....og..b>.,3.G..k..s..b.|.P..r....M...5s._{.@....#..(hc.S..7a..>u.$..(`....C.@.Y$6.m.......C..a?..o....g.t,.1.a.\....p..R...v......l2~%.=. .2l..s..SL..Q.C..|<O......Q..b.v..<..a..~.#....`.9q..L]..

          C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\LocalState\DiagOutputDir\OneConnect.PostInstallationTask06_08_08_21_13_8947.txt.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):2192
          Entropy (8bit):7.90944082484388
          Encrypted:false
          SSDEEP:
          MD5:ED9A09D9675DA884B1FDA23F45DF5EBE
          SHA1:1A28FAF5650DEBE815209276461B6A144F5BC2FA
          SHA-256:6149F19631180B6AB4E5E8DC4AA2FCD597F34A381206ECB4E48F87C0A3599643
          SHA-512:E8454F86BBAFDBFADB2F486308C69CEA41AB946FF7F4645FFBAEBEEF204D840BC355DBD36CC6F9FE5BE8B3D61B5FC74A000CB5C27D4C2242C07175A8664C2335
          Malicious:false
          Reputation:low
          Preview:.9?.,.eM.+..s...1.(.......+.c...A....GR.k.Ve7S.7...3...V.@;.}.~.z'.).z.../..E.0.(.T)...r......\O...?..........x"...Rk,D...h..V|T.5.s.....9.!.U.{:{.......{e(D)."..I.......y....Qm..9.I..[Y.Y6".f....T.R*.Q G....e.d..|.*.......P..&.N=VjK....1t.Z.q./.....M`.A..[.G5.!...4..9vm!.[Vb.i....8..=h....T?.M..y..W.'.K.....O1.,....}.....,.D\....h..d.z.5...5r....P.:...9......]O.-.<.4+d.C.....a.j.ML0N..).%..FN(..;.j.:e<..<..{).-M.L....*...}Q.1.....uQR.c..E&.C..6....b.....k..Q..........\....>./....u..A"qA..E....e.....9..F.....|..W:...+(C..rQ.N.....j..X..q(./..W....&.V...2...........L.F..@...*apU...k...M....OO..6...q..Tq|.Yq.... ...,.b...!..F..seP........7...D.+n...9..I.....Q.s.-9.irD.n7....n~B1..w...=..W.V.w..=Z.l%v:'..5../.^.......tlW.............}..i.*.L.\!$.C.:~U.oZ....<g..Io..... e:.`eh..G.......M.|.c..c.B.q8y..I...EA].(.\...?+..n......(v.t.'1..n....8A....a~....@.....4A.....h1Q..dU.5;.h....*x.3[9k.b.....`.j.^1IU3....ND...Z#....M..0...t..|.....].

          C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.9769850504718125
          Encrypted:false
          SSDEEP:
          MD5:47B2BB5303352DCD62D7E28E92AAA316
          SHA1:EBF4697AD61BFF58DD00E163B39BF26587E0500D
          SHA-256:8602BCC9A7D2FC7A35CB7E7C55C7AA198CB00E5D333BC08FF1895146AFA7F528
          SHA-512:0AE23F824179A9B9D1ADEF759B0A130A4B162CAD7731E67B95B1D1CAAFD6B323C961FDB025E1D67A905ADC23B092E48BC8BDED1F7958C1A8EF74247B57DF4FBF
          Malicious:false
          Reputation:low
          Preview:.6.o....../...JXQ..h"k'..!....^.~R... o<......%.E.....ju.B..W.*..'..D../......c-[...6.0..\..G^ul.!.D,,.W(".r.00U..?.<.S.3.....;.q.R:...|..2o.v.....sv{.a.....+t.P.%....9..W..[.].....qE.._.....aY*.....fN.. ..\.....W..."[...?v&.(:.@M...6g.K.`..E..ROy.9.|.#..............%.L<Q.n..z?.v..!b3..T{.....e.s..V...jS...YF..-{.(hIs1z...f^1.Gqz..e......B.%...HE.....rX.B..W.Z...}K3.U|...`5yQ.V..43NE?,.OQH.M Xy.......M.T....O3(.X......X.RA...:.e..;[.....C...R\...I..cH;.y..f..V.0.<...C.......u.-S.......$.{u$Gy.`..m.V...T.k\..u.u\.6.L...|......&z.!.....$Id\.?o+........QgxTh.SQu..<t.m......I...%.>9.V...n.=..L.N..A...z..|........<.E..K.vD9...i"Auqm.H....4.[...)-Z......^ 13x.~.].A.........5hz.......;w=....6..XWI8.u.C...y.M.......9...BLg_.S.....m.CwP}%.9.b.%.Ct..U}....l-......D..kT.v..{@. .....e Q....g.>[.5..p..._mlj_.../...I`....k....l.~.....8H(....p.O...v.B....4...R...LX..'...O.\D...H.........;...\....JF`.S..N.`.i";..|./.,..:.A.P.*....7I...4..:......

          C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.980096270157444
          Encrypted:false
          SSDEEP:
          MD5:979FB2A73506FF3ADFC025F3962F78B0
          SHA1:398311A667675A044896C85194F23642455DEFF7
          SHA-256:32B676F3D3F1755BF4C1135817E5B9731D4AF1F9886B2DD764272B7A8EB6E4EA
          SHA-512:65999FA926992BB08B820FC2E13E5106E5327ACB1C8210CD9821E8F24643EFFB687941B6FBF611485566D627C144AC7C315710B237A9C67F2E8620FE41DA51A7
          Malicious:false
          Reputation:low
          Preview:.9..z...~.ro.`.@....Ht.=5..K..s>.9...[y1Mv..h...8.a.....SX.......H.~.L5|HE.B....I...3....I...?:.q.p.\A.7....W.]];.d....:.#9..t.n..'......].....{.+L.<G.7...I;.....b...#\P....W.{X....[.p....c..}n....Vr....}..yg..P..m.Z.%3....J....fu_../..7.rB..iw._@..g...?..'.q....I...hB.c..S....;..<.$).j`.!.~e5..P...j.....{.1).#}j`.Sr..`..6.....k.x.ad.%C.....ZBGy....B.|.aT.}.....z.dwl6..........I.s9............<..L.W#E8o<.X}..7$..z...........".X.......f....0....l...J..^q{.G..@#......?._..AN|n.l_....^.j.!]....f4..mqJ...n....x ...L..{..G*..7sA..5...{...8...1.R.....g.....6..zMi..[V`.....7..Z.S.D.dG..@..>7..6...Jj...l....S.*.Y..../....`.h.>..yoKH.....9.&......O....Z1..C..w...{.5...V.....N.z*.l..8...@|.+..G.;6.=y.|....H.;f. o....!}.D5..4..=`.......a...N.A.tp%.uQ9.e.......3;R.s.h..Y?...l..B.{>.W.^^...m:....<8.........BS..$..o...fL]...g..3.W..N..nu.E...Q4.A+.n..J~.0H ]H.0...Q.6.~.F.V..o=P.!4.rI(...8..."mY.[A.h.*..z...q1..Q.....e..a(............D.#i70ANF.N...w.Y.`

          C:\Users\user\AppData\Local\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978021178987209
          Encrypted:false
          SSDEEP:
          MD5:AAD3EB64889A177321BBDB3B3DCF5F87
          SHA1:110A90A607A8AA8D7992E6F627A757C53B7CEC01
          SHA-256:69C1412164DA3C9676A6A49E482CD58BDFA22E5F7AF566685CC6C130185377EC
          SHA-512:EAC9985549F7E9FF0CB8B1BA2B34E3742AC2106E712074F2222902ED4A314102E6ADCA90BAA43644CB55411A606C56E235A44E9DC231B66AE4C9548C79425360
          Malicious:false
          Reputation:low
          Preview:.%.i8.UD........S...D..R.....p..Z.;.e}.LA.zCe.#.:7...O......}M....7.....B...D......L...K.DsE.XB.F..A;..S0...#...4b...]"........K.x.].5f^...M..A!f..mH..-Q)..2?M...Y.....M..*#`..l.,.....I.....".M..oK..P.....e.{...%..x....S9Gc.KAg.."......F.E).....f..{;.5w'S.>.N../m.>..M$........Z...F.8...Gt...`"v.0sno.l..u.q.{..Zy.4E.....y.LF..........'..m..d..<.t.?vO_.....#..1..c.HYf.............w,X..4Kp.c.mY..2(...F.i.t.[...qGg.p).......p.`-...cn.n.htg;..y...N.(../.w....V.}...P..G.....7...ZVK.....J.On.N`.CZ.. ..r..V...?.F.3.F4..;N.......5..N.....O.<.E.pk....^......Q^a...(.5.=...|..V...2.x....ww......!.m...1..I./.(......$h.......1J..\.O..../A...Y.f....Y..I'.]..r.....6.c.......s.1..Pn.P.K.....!..\.........S.u5(k......5i[.@+.G_.B.|....[..K.!{\5...G.I..KN...r.JxIg.....2.)...2..,MM2.T.~..3h..z.....J...-P...?J_...kF.....[...........dt...W..A'(......6...gpi....]..15*8....&s.5c..[.....%...nxd..&\Ev.p...F=Y...N..s[0x=.,.i|.!..).Rk.a.s...P.......GX ..xK5.J

          C:\Users\user\AppData\Local\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.977849046915999
          Encrypted:false
          SSDEEP:
          MD5:F11BF2B1A519CEC122DA8448253DF0E8
          SHA1:7D6C12029A2A47DF49E028F865AAD7A2C3056527
          SHA-256:4685F49BA710F8075A1112390FCC80CB39B6F6E5EA15F39B34272C6838776E75
          SHA-512:BBDF8EA93F6C9F3F9CB7DAD63F1932FB025A6647B0FEB51F09A211AFB9CA869AF123611DA1A8336210321D1B37BBAEBC8836098B636FC2220B90BC80DDC8602B
          Malicious:false
          Reputation:low
          Preview:.a..x(.V6...X,;9I............]..'/_..nc'i3.......;..m"...9.<b`m..#..BZ....V$.Ljc...#.2..6.....P.....Rx&1q.D..D# ...7............[....i....vw2..Y..4..},..jT.q.+7.......'......s.L.-....13...........*..s.......Zg..A.Z..}&....2:....h.|...W...."mu.y..B.B..J.I...6IWu.....dB....S.......%............3....@....h.......|..A._....8W._4...w.j;K].e.....n9*..>.....`......U$.>`bW..(.1}..|T...8...q......p..1+B...{.X..a.......?...;*10.. "....i.f.'.R.P.."=.}*+.m.;....6.q....L@.....P...*-y.u.D.4..Xl..=|.C.....S..ypq.....t.L..j.L....wh..X...<g.C,%.}...m.$....s..G.I.V....*.}.5Sde....%..8.]..u/BXZ.l....rn.+.t.T..7;.t.\4a.~.R{{...`..3..J...+.W..i.Q.<......Yd...wN...?....'.....2?/.L..Q.........H.J...J,.Qj'@q..?N.2..f..}.EJ.Y...`..J.....>.4V.r.F.)...l.E.....'.....\kP0.,?i"..Z.D....g$ER.M..Vh..n.b..,...?..@.J.....Q.........IL.'*..........:Po.B.y.S~.*2..........l...,+....n...4=.e.!.........i<D'.....t..9........%.........i.Q.P..x'C.EBNQe..1O.p...Y....v...

          C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.980280982047012
          Encrypted:false
          SSDEEP:
          MD5:8E8600DD37286DB3EBAF17B500573041
          SHA1:3C9EC3776A6C05584A4A88E529EEEA86A3A188F3
          SHA-256:2E50A77D6E146872149EE37824BE765BCB31C08980E45F7BDF40C542E3225A77
          SHA-512:A6D78DEB3AB34D41AB31B085F48CAE975657D817B7C61BBBCEE04C5DEEBA8474D123772408F2C7E76EC388644AF1EA4E60C665FCA6DDF759227060BB9393B3D1
          Malicious:false
          Reputation:low
          Preview:..5.*..F.BnQ....ml.(...*..m.).:./..|V..9.F";!.....5.\.2........v_ F]....)a.6VlU..l..tHG.._......P..2N.)}................iO.@...._....sTq"=&.,..$..C.D...R..IF........a.B.....c.....E....&sJ4..G<..t..9...v...s.....k.#.]...k6..0{....c........9.bl.IC....^.M....j\L.3........Ddbx....O9.n.....L.o.[Jt."x.#..U...^.../.... R.W.@@QW.3.../..va...R].......7..-D......Pl....,...d.......u$.....z.PF'*...Y..,....o.....$.....L{... ~.....h.......B.X. ..=ge.}......6...u....1u..`...Q.......e......$V.2......X...!A.z)r.{.a....v/A8....+.........,.C.j90.)..D...2..7.BV..`..}.ZI.}*.4.:..BY.....}E:.w.8*9.D......,.%....3. .....ik.[..H.0lp....d(}.G3.f....-a.?..Phv.:....g.j.Q.....E..^..Yg...c..........D....2yV.7.V....48..r.c.....h...\.y.8?n..{ZT.f.....g.T..0...xD.!...l.f..-.....-....d=.....@.>...:R......?*B.|`%G...kZ.....>..g...D.F. ..s..2.....L7;o0..#r..V.p..[..Y....dcmU.d..sa.,...._..v#.#P.'r.<,.j.^...>.'.J1...gL{../6......S!.FO.x[.;.*..?........ ]N...]..Y.#....S

          C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.976376608490771
          Encrypted:false
          SSDEEP:
          MD5:6FAC25B04AADF93836CA74C2F6BD2A3C
          SHA1:8703832E077F9F98111E918294CEFF3A3DFDD3CF
          SHA-256:D06F5E8DEDA87C2882BD62BDA4598BE945C037E1D4E5F5FCF2BE5606985D5B44
          SHA-512:0A159DBE51ABD27836CBD8AE6C00F583A53E69B4559E05FB1DC919AFF9AF2E8C527B83BD5A2711706229A6A05AA321CBBD117A7431527EFC073FF61ACB74A1D9
          Malicious:false
          Reputation:low
          Preview:...0..p(Z%.Ji.fC.......6..........K.._e....]{.........L...4.k.#.d8...*p./..=.IT....+.0...f...2S.Y.M..C.,'......,^./...66s.*6(7.T..e .O.m;...7.U...E+........(H....3F......L.J..Gw..mXM.-~...6.Z.N".e..n...J..P_...++......>k.b@[_...s...j.`5.yJ...a...ygO...gc......X....!.6.._.L)...,.A.....c..f.=..x..M......N.......f....)J.9...2/v.>...A......f...<d..}..1Ss...".#.p..S .\.D.}r......j..,.. ..JdW....Vj..c.}.k......X.V#.7d..h...p...\ .A.8...P..X...0.$.z...N....5..Zn.....U).{n.t..H9.._.....&.r..........7....A....Uq.n<8m....3 8....;......1......Ga..@:....&y....p[..o#...oR...L\...)<C.....{.U..T.m.i`...>..Z{t).Ap..o..ur8..l.-.uUe..k..'.<D.%....M...rZ.=....pd...1e...6,<......i.e.7..2..U..}.]'C.....:L>.....ae.^...(.}..L...x..j....=..!p.<p.........o%..s.S"..w.G.M.6fi..H.vck.-s!L.z..._t.+a...t.o.~.M...]..6U..P.|.#..U..]F.;...EL.['..W....h..l..`.M.....9W...7+..f.`.)p.P.~.....V......al.h.;..tC..jZ.....y|..6.yr...l\..u.y44_9...z..N...FS...1.D

          C:\Users\user\AppData\Local\Packages\Microsoft.Print3D_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:OpenPGP Public Key
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.975118901403282
          Encrypted:false
          SSDEEP:
          MD5:28A8B7884F852F71C352932DFD60F7A4
          SHA1:B415D9641111BF34C05C63D51FFB29792EC11D3C
          SHA-256:ECCF2EB67016BB3C895A067E60E35BC3FFA51E38F820E7DDD452C553F55C9C51
          SHA-512:19C73FCAED6F141950E168CF8E63AF9FC4BEE723C0867FE93DF32362319508EE0E570B68D9423D1EEBE25EDD4714D4DFB2DA2AA0E3B8C53F4F38F43C90CF2AB6
          Malicious:false
          Reputation:low
          Preview:..NI.%.._..ZL..H....y...,.2..a......."..-..Z/..#..8..|e.7..e..4...U.=...h."^.k.W.6...Y.|..&.7.....o.1...ZSj.>tg......8.3C.2.!.-.u.....l.Vx...#....XF6x.....b.1$.@.7.\P.V..Q.a.d.03MX..H.C}..#..C.y.......E.H...........7..z.I...aS..<.?AmS...|...i.p...l.u/..B!..bb...h%......m....z..)....P...eN.Q.`.y..Y........=.a..\r..?.I..dE..r:>..>c/...c4.....b.......%.6............6..];..........?..g..o.6.>(..e....l=..AgA.@......u...c.L...V..:.G.Y....T....6M..d:.....i...e...K6..K=.Hb.!N:.\Bu.Y!.4...-..."X..|.*h..[.@0.,.m.q..^...:..mpV...n.&#D............3.I...@..F...Q.R.h3W.........2R...&.m...+.....?;X....2.F9.U...K/TA..f..t?5......S..+.E6..&..B....)Xj....o.6....PJ$..R.:.T.7.........%...190..X."9....T....t...~.....{......." ~.Uc...w.....q...:...i.*.C,...(WP9.0).!-`..........E.{...`._.......HV!.y.8.J_ .l1..ET+6..%P.w.....Q...O.=9..4......l......M.....!.G.^......I....d.......r]\&.q..k..-.L"...|.3ds...67..!.......O...1w.....f..Qq.q.......`....T.f$.k.(l....P...%

          C:\Users\user\AppData\Local\Packages\Microsoft.Print3D_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.975543762077335
          Encrypted:false
          SSDEEP:
          MD5:6381160196B1F5C22AAB25FA4A61759B
          SHA1:F1B8FD7685AC216455D125C59F15853F86DF3FC4
          SHA-256:65D596786ED0668994946C16AC81205713EFFD63B48E8ACC6F82F4470B560AC8
          SHA-512:CB10A01C7BEAFD6C36505290B1E428E681441799995C1E7042B1EEC7E0773FA4E99643E006EC6AF9C3205EE21472CFBE1F45931E17BF5828F1A11D95BBCFC926
          Malicious:false
          Reputation:low
          Preview:_q..5......4....D.W..8u....'k..1=...{..-i.K..k'.>..|..r...Hp.&.a..e..Cf..a/..p..6(jc.aj.[4o.Z..y.$>B.z.ZS.....:......;<n.....v.J..../.'...|'.gr..oE.T:.:;./..mr.....\=w...N.......y...h..h...r.e..kD<...8...>1.....%U....I.,.A}p.T.....a..-.j.*j.i..a..H....q]..;..jO..:....,@C.M]...1.....9x..V*.}..w...gm.....Je..bt...J...;'.. U...<..I6O...m......[.../.?...b.i...>.D.h.......F.O.......<*..G-.......5R....U...z.n...R...P.<.n.S...]...=.UFE)......." ...O.4.....]R.....@2L...G.. n..w...H{...'...&.......$/X..xG&.L.!...?,7.../~.4..O.e.s..?.c.5.:%9.bv..M..:.F.zSH.`c..A.iB...u.9..D....{../&.iR......M..U.S....RV|kL.....>zI..;*..@..o.fE.5e.....f..<..@....^...u$&...*.<.E.tNN..5 z.!..~.=Mp.o_.<.n?.j.`..D+....K..". ..+O+.Eg;..u.m9..]...%OmI..*:.KP/.O.%,.@..3H{...F.....R..+..y..E.w..-...]~.G........r?....?]..)]...G.]V.....IpG....tv...;...*.u@..<...i..'t.].[..7..8}..).T...4...z....R...c..M.yG....>sj....Q..W...w.....Fz.5.&...].).|...b.........I.ZN...M.C...!j.!...4....k.

          C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.976006151666689
          Encrypted:false
          SSDEEP:
          MD5:E067A0AC0CF0195B1CDC6AC9EAA6531A
          SHA1:7B28D66B09FD3CE426B129E0663BDEB25FBFFA56
          SHA-256:BDEADDC0A16DF552086742ED227BF1B94C2EDCC8BE3596AACFB8F5467211AFD7
          SHA-512:A7E1372CEEDB9D27C2F1643300C060B76E872AD171DC5B583B88A3CD38033C88D70CEDFE2CAAB89904C87C1E6AAFD1F32CA9FDF801C37D865125F36B47EBEAD2
          Malicious:false
          Reputation:low
          Preview:?6...h.s....q^.........7._.|..e......rN..J(.'.S.....2B(b.L...kn,by.F.t..0)..2..q...D<H.=. ..q..%:....(...k....k..%.B.Rr.S.r.;.i.......V.^......96B..~..w.......uJ.6...w..*....Lq.....m}NX^.x..`..BHX.\..a...C;G].......\.*wS.S.5E.{....R.eQL.".x.. .?yq/2.HK....NTY}f.Ia..v.*d...l.T.\.v.#$.:.'@.z6.E....30.l....^..W....B3..s7R........U....K.wy......d...~7.D.r.u....zT4.b_=..Mf..0E..B..OO../...YQ....4q....D.[..z.g.4...Aq!wH....!.6.K...+...<....^S.M..#dpc.O.g..N...;>p.{V.e.H..n....w:......q<...v0...!.D...P.#..H_.d.L..-....61>:...'v.......X..A.......;o._{.....T..z>.d.L.c.UT.Rt..b{..k.<.y.k.s........,..1.:...3D..$.."....._>.4I. .t(t..-n."..\.c?qe...k...`~.....J/..G...C....{.....-....@1_U.k..aC5. t....;/.=..=....s.7Oh.N.I..zs.).&..L....7@;X.?......R.^...P..'.FOP........&.rM...."'.G....9.v&KT.IPl........o....w.d.\.>H.l.....,i.UW....<.F..K9.......X.........H .....u.. . ..a.s.,!a7.<.7..+...d...$.T.........ZMN..,AD5.B.....u...C.D.-S.2..gG.<..+....._.

          C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.97907341051571
          Encrypted:false
          SSDEEP:
          MD5:020E4089210FB2CFFC1F90280F319BD5
          SHA1:AEA52CC283AC41E495942B997FBCD97EACDC25EF
          SHA-256:FA2EF490BC0163FE362BFAD9ACFD8C008E8872640B5B2BEB36D9820418376F1B
          SHA-512:9F664BDF6A57690BEA5F9E3C19A6045BEB40BC2B5B3762B5F27DA1DCA2AF6221A14C6543EC2E465ED74F94BD6D75A972C1CAD67E44773B4416D0FAB20CE6DFE1
          Malicious:false
          Reputation:low
          Preview:+..9.[Z.]H...e..p.....2.+b...P......0.z.LAP.&.`o.....0.8.4..1-.c....c.vg{.E....T.. J.w9...d...).wal..G"L...Cxa..6...2[/6@.y...2...|.%"..i..r.5.X..........a..W......8Ut.h.:..h.V.K.P4.^./.%.^2sn......e......p...t....*5..&.r...y..X8a.I.-....zM...Qu.......=....Z.m}..]hs.?....w..Wa..0.z='D.=x......I^Nd9..\..I.@..}.x......&....y...d......k0%m@:>.]...xA...T....I.IX..%......Ba....C.o..b:4..\.[p:NC......QD...&.0..o....y...3....!..P......1..M...m:.{..E..y.[.J5.qpA.(......A....7.....n.(..bA.]/..dpC)B.o........T...._]..L.<m....b..............F...i'..!^0.O#..k.rS.Kz+.8CT.hR...n........q.V.=Jy..n....u...\..c.AsS.../.;.C.tV...,.-..,I..,...F..x...7w..-...$...0.my......h.Bi$..[.r.!.Fu...\.0.w...y.dJ....A.+;....M.H.........3...c.......f.......a.|Z.].E.w..G.r....I..tP..o.x.hy.......eU..Y...f.2.n..c.b........g8...9.....7..........H..O..TA....H-.....xW<....?.;.._....{.v..2OC..M}.,.i.`..Y.-..w...`.Z.26..8z....ex....r.gX......+M.^......>.".......|.d....T....".

          C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.97828581692923
          Encrypted:false
          SSDEEP:
          MD5:4B872F39697376D5D818C5919A2089E6
          SHA1:088D0CD342C21FB997EA58C1B0F00C26FAF80ED6
          SHA-256:99BDB0A1D8D9EBC891BCE77E2BF8D0F6E5CC1921A67EF5B12B5830024CB742F6
          SHA-512:739D8D4A3415BCAECB7AFDFF4846043B7B51B2F741C88CB0BD98A3920A11856267F3CC5FE6733D63DEF76F20D03ED54A434B08BD3FA8FBA2EE6B64BA0924AECB
          Malicious:false
          Reputation:low
          Preview:=.Z.=....2i...W.k.)..NG......J..-.U..1....Eg....W.....w...r4DR..B..c.....T..qw....Uu..;....... ...q]..J..?...J.u8@..TtAj.Wc}..0H.l\..O(]g9).........o.....[.......6."K9..v< 2.,f.<.p..J.-?p..m.|.....z....k.\:.......J|..H.....I...'..6h%.z...YS..../A.z....M...M.D?.&.M...Du.U..<2........_..p..4....?.%V..8k..,$..Cku.)..q}...9...3...Hw,.[R.k.......X"n....I.z.......cqm.<..N`....Z......I.`.=.~.b..W.a>)]. .)Wd.....]D...vl.../......[NH...eZA... h5-}0....N.*av`D.^.q....~%..G}o...8..IH',l...C........[.D|(..&...........$r.0..x-.z.dHa{....A..L..=..VZW.M..q.....7..F....s..jI. .........Q...0#kMw.....ediu0#.(."Y.6......] . d..I]9C.....h.......M?N...I...u. br. yh<.#.(.t...T...R.G5.:Q+8.9..e}..@.....i...`E...o....gWc.,Z.H... .GZ...c.g.(.,K..O>4...YX...P.....x.l.@>...$.q.t8LN.bU.D..!.....t[2~8...P..yMR..?qt_F...".....q..[...z..03...~.p.g.^.^.Fi......l.?c\.1y.c-..-`.c^...i_.8.*..g...Z...vwV........U....^:.b.?]...=......f.%h..1-.D...r;_l.v.f.x...a..R.?...

          C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.97888285115457
          Encrypted:false
          SSDEEP:
          MD5:C0A983182C6ACF75F84A3E364A96B73B
          SHA1:867F2A514CC93DD1CDE4DA950E9146DDEF4826BC
          SHA-256:F5E7AA4902CC80F3EB9E7AE9418913EE7132FF771771F5DB747FB8F116E25474
          SHA-512:E275B64417009F7F8B4C5DFB62836CAD911CBC1E845C1C309C7F414E6220A4DA58CF487289E4DD676742BA1A40CBFC3374491F0FDF72F5F63B7B4F3107824506
          Malicious:false
          Reputation:low
          Preview:......,..../..4.0QO.|..@....X+`..B'(|R-,... ...... .H.......Em.}......6...[.Q..).......O.:.*A.P..(.(.`W...Z=.77...u..j.e'.<...pg.....t..,......#.g...W.W1..Q%a.B....4wsD....J.?..o..B...C@V7..Z....`.....+.Q4.v.......:M.L........Q.d......EU..}.............n.S ....A.A.C'...Cj....m......'.Q.....Xb.]T.'}W.\.6.%m8H|.8Ve...z.....B.....`sb>U:(...,..G....#MNa0.!._u....NrG..#K6'.......3s.CtX..k;!..z..q.`61p!....&.a!a....=.....Rg...d.....q.). ...M~...r......#d$m..!pS.9t..%.C......$....8.~&..;...QJK.b.T....^..._.....<T*..q7Z)...;_.M..+.I.....(.eQ...X I..x~..H!;J..|.o1.#...I^..?.).C.._7........c.M...i\......%..m..Ny.....&.xNC.9g.@..h.".O.a.....x.T..L..Z..M...q"..t|....b..g.,.Z......-..7tC.sN..Qe~..^.....Vk.k..Q....,j_.85.Mt..%.a.1.f.o..tv...j.M.x../..P.n.>...)=..<//.m.u ........6..f..I.S..v...l...6T.{..W\.......>....]v..:...u.....y........x@.5\....z......R.. .0T"......i...lY...'.8..+......])S...].?> {.~D.T.....=1i$..)Vk...!.Q..C....2..*...j'..YX...0.

          C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978247166732347
          Encrypted:false
          SSDEEP:
          MD5:85784846B6D0385EE432021B464A932B
          SHA1:5E239494A751EA16A03BA5B786B4E72DE52525D3
          SHA-256:E5882E3EFA63F674E7C0F3F885A6A7EE39E2ECC2E6B6A1FAD03485A763C5EEB2
          SHA-512:3F572C79CB859D8E51DF6F36C4B3CE8381D96F1F5267F7C9C004A7513A13FC68B3A061D30CC6DF8EA5B946E75C2F49C77FCC4A0554C23598616C669C620CC85A
          Malicious:false
          Reputation:low
          Preview:i...M...M.|...$Os.$[.....xk;..JZ.},.I.....aM....cs.,4.....S.B%...xY.....^.....h...f.|.&H....e.....w:.Rn....tX..>....."@../Byx{..&..gx.1.....PQ.{2.....w.v...\s.29..S........>n.......Y....X9@....!.x.O.....*Yq~.5.Rj.+v...._S5...O...q.Q.p...b%....d.:.M.....O.x...}..N..w...r../..}l......{..Q.+.29...>.a.O_.....m.../.*.k/h.=).....d...Y.'...q{.=../.....w.NK..0.>..!..*.."="+_..R..5X.."....E..y.2ur..;...u=,...6$...r.....%.?NV...B].{.@........pN).F-..;.....T...$..=..<VAd....,.q7XJ.A....7]......38.S.....kUh=@rZ.Y..-.....@.O.s.<h~...2.S.b..tO:..Z.&.<p............)h.\*.z...S@V...M......_TS$..,0..K. ..{.T.|.B=-3.m...F..)..C...$vi.....i...._r..c........kc........A...uQ.......w.&..@_h.v./.~.r..<..........R..r.,.Tb-:N.}3..mS<..Jib.5.p..yc..z..K...J4......|.=..k..3z.9.=.p..SCh..l.M..k.*(........[&e...,3F.`.n.n...<I..3..W...M..D.6...*.....ES4...E~...aM...dF.B.M..R.ju.d..F.~a7.....q.I,+.}W1t..wryW.N:....,{.......|o..cQ.Q...5{?.Sr....t..@....6..r....,..=,...zd

          C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:COM executable for DOS
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979475926652781
          Encrypted:false
          SSDEEP:
          MD5:CD483DD1AF6273C4AF3C9D669D26DB21
          SHA1:D79B471A9E1FFF4808743C7D5596A2F5CC0B1627
          SHA-256:2F5F6FB8126903A5B1C96A820DC412895F88A30615B6B0C081A4AEFAAFAFAF02
          SHA-512:AA3FA1F177A142595254E0DF398482960E730471731F8DDB38FF05F7CE598747705F673848C8EC20D7545553D92F798E9537B56C66B02BFECF0A85C18F4F0589
          Malicious:false
          Reputation:low
          Preview:....j...?j@..F'!...OdU=.8\..\.....\......\.3...kdCy....E......6..T....j..5..n......;=.......#m...m*.}K}6>.<.MEx.||.......ci.5`&t..Fm..:....]&...S... ..?f%...j5...zj...H...E.g...@l.2Q.|...#^..`..=.IbI..y=.....;'.3".,,....U..IqmHY".q..2w...'x..-.N.....#..^....>9D..g[p.|.._.... _&.6M.8.......K,2..*.B...5.U...+g...V........w.V....~...x#.-.<o....S~.....7mi..2...>.Q.j.......FJR.L..xA?..q..4....n.......Mp@wi...g+@.N.D.....s+.F..b..p.Z.,D.?.....z...]8=..b1.6/1...3C..l........?r........./..<Y.L.H..L..q..)G.%W.f....P.N;.}..>........#P.9....I.7.{...T..[-[jGo.&.?.P9.z..f....y?.vZ..k_.......-..^./.A8.;.^.....q.....>w....j..S.c.`......I....w.u..7..:.%..Ok...{.s.Hac.....2..+..0..9qg.Q..A0..|../K..;^*.."..=...v....)$G..J...D......L..v......{.../.`......S.6U.W.......1...,8t.}...i..V.B..z.a...5).O.R....._.s:.n..V...%....^......2R......'...2I\.B .^....N......i8!]..9.!.x...^.+.&J..hn.....u(...VZ....... .....t.. ~<..!..w6w0~.. ..,.Zx.........VP.S..]r&P..!*L.

          C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978129771385439
          Encrypted:false
          SSDEEP:
          MD5:E5D56FA9786A43147FB54AE7644AB9B5
          SHA1:551F358746DD14BF4C13A99DF82D4631E39859F3
          SHA-256:7FB264D5F7961C90D4142F521A274F1D52CBB7DA6F64437EFD656761383B49BA
          SHA-512:F57226599A1DCE9C55A745ACE018B19B2A4EE25E7651FF9A01C908F4C1564B534769B532F4FD9AFC99538CABFAEC48765E41EAA96CF812DF1018131C9435562D
          Malicious:false
          Reputation:low
          Preview:Qs.\..d.3......H.9..p>F*vjH>.N<..Z...?....^.U..-m.b.nyh......K..,......g....H...P?..........bsmX..[*@..;b..Q..`e2...2q......OQ:eR.....s...J.s2..F.,8./.n4.(.W~Y.H.....`5C..z.1.Lsi./lI..7;,.t....O...c..A.....LT.J.2...ZRZ.......}..8.k.xW..<......\.Z.~.;.Z..W\"..2^`e9.J...2.^I...._"....`.j8z.g~..h.h}d.v.3o..}.ZC...\..{].[.u..7p.(X7..F'Qb.q^..I.....+|..%.....0.2G.djK.$.....6Ca7/.j....^...8..*..r<...b..y...eoj.0...... ..S..D..!....1..[.....&..o..b.....>.W.u.@.../..3...........Q...R.R..oA&...f.I.B'i..;..lk...8...J".[.3..6...!1.-_.9k.'.k.?.xzbZ....v~9,...WB..h...~~9...m(..0.W7.&.......I.fn...(.tb.y ...]..`...^...fs.Q.q[}..X..i..R...jF..G.h.@H$.OJxTh..}..."-......~%.2......$}5J5..5M<..../=.z.:J.a.$...?.D....*.........wPT...G2......I.q.Y..#[0...(.+.s.Z.....M..$.T.>N.k.Q.:..c.c..U. ..H..Jk.......x.+W.Gk.......r.].<W..5.b..Q.[....miCP..E..7=...b.G.$.\4...b.....f.tr.G^......o........_...#3dB...g...Q.U.?...P...0......5ub..`.;.|.<*BB-.D..GU...5......Eb Z.

          C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.976651137635123
          Encrypted:false
          SSDEEP:
          MD5:63B02FCD8EB6D41290B4546B4B930D9D
          SHA1:0BED2E9782D1D2DB814BD8BB26EC90F248C04205
          SHA-256:789701A5D96CAF417C93999EC144A73DEBEB13FDA3D43BA3394A26FA0C973828
          SHA-512:76AEB07E6DA3CBAD375BF208BD91319E0093A1B2519F7FBBD3BB9697B8913029F40A689D0B2EDBD9D63DD2A11B1056BE1C9FF9CF95C1D13541CE19A2663D77C2
          Malicious:false
          Reputation:low
          Preview:....QSP.l"D..s..z4.:|_.lk8.p.+.63.#...Ew.^5Uo...n.G.VKZ.r.H.:..Y.....^.r.....`...$...)N......ZM.2`..v..P.tJH....-.-.*..4.Z.G.Dx.X../.8..[.o..rq.........3.n9...E).u...E....r.[.P...!cwuuo......4....(........8....G.c-k..V....'c.8......`i.h.........R.....n..^.....UL.q.JG..IO.>..Jhf......Tn0.,......P.5..;.......k.-...K=.Q.377...P.\.[.....z.b...G..xW.{....... ..@.7.%nf|c$.J.{bo.:.g..V....*.^W.>l....6..`,. .K1.'..x.M.......>t<#;.g..L.....!.F......>.......[{V....=.Vx.f......k+....0......|.S..P.#C............d....V.W;E.....N).& D.^*.|.N~..W.{...I..w...{Y.9N.d.$....u`N.>.+.$d...{..X........o."....P..F*s~.(...)3..&.G"......n^f!2<D...y|.."..[..T...d.v.L.n.w.7d..:..p.P...H-......'.E%.v;X.:.i.....W...P.5+...Z.^T..(.)Q...}3........>Y..@...%.I..+..N=.nD..*.4c$3..8.o.u...5o.w>.<QF.Q.....Pw.K.,...hK@..HH{...5+[TA....*..u..y.0..uz.(n.....SSG..B.....>%.+....*[.$.........[\...0.}|...!.xs.@aE..i.TY..k....w5.,.CO..*7{.....}Ev%!].w....tj..X.*1..~.%...$..

          C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.977931513134126
          Encrypted:false
          SSDEEP:
          MD5:F64BE64A6308BA70512082C68C347D1C
          SHA1:F42CD7ED4E0264C089B860378CEA9FB366ED1423
          SHA-256:FBADA75F1EA24B2E11D2215D29AF82EA816EC5354E2C4761CE5F0870A4395BDD
          SHA-512:8DBC118B661ADD8F02EB409C41A63757179943997F33EA92A67739EF6B4350CBCA0AD0BD5C5DFE1529032034A2EAC87922E4EAD59DECDDACE598FB74457F20A3
          Malicious:false
          Reputation:low
          Preview:4C./..OjK.0.GH....&.-...zb..h(.+.d....F.[J.m........s!mcV.?4h.f..:4..'..'%....b.G..M../.;y...Q{......x.W.m..O....>>...@.UBG..P.....X...q.f....U.nY.>..af..0v.hu....^M0.^...bSL.....>..`..Bt.a3W.wal...K..6.U..F\X....._f.:....HR?..NN....zg.*..%.P...=.@$.5.3..t5...{.. ..........c....`^..U.A.M..of.ol.s#{.f.+G.3l..4K.......g7.B...e.Djh\.y.X.....sX..l........`.2... `.a.c.....w....EA...% #b.....e.[t.....8...(..s....k.M.....:.OX'yk..n.G.Yp..#^.V.H.......6G..y&.2".....`H.s.?..C...w.k..j.!...t._..w6....E.....7-.WO......c.].dWD.\N..TLd..,..=S.R_4.3..d...a...C>.g....f.f(w.nA..S)......v..*x.C.+.)_.z....*X\.......G...K.{..1.Hi...+?D4..%.9.|A...s,...P.&..+./....\.8Y.6..q..D6........G.\.6@.61llp1..x.3)..i...R..mK..[......;..MC..~{byH.o.$...j.@.......4{........o.$<.Z\.Q ..wQ...r^7..........>.a!.-... . x..E..o.x.R.....-11....D.a.....8'R:)...G..f.F..!..p.....tR..B.....Z._....f.]...1[.......6L.M. ...g9).-.c.Y..g.]G..........-...{6....N......j....X.....`d.].....Y...

          C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978895485746736
          Encrypted:false
          SSDEEP:
          MD5:B5B2ED4E15B56A4E069B2D540A0EFFF5
          SHA1:38A5F194EF50DDA5350C02EBA10639C22373B311
          SHA-256:234DB6F022D7B23E5BF9A9E37D5DBA668BDDD7188EB3932B6B1703D6AB17086B
          SHA-512:B789645201BABBC70BE9A12F60171CDACE8010AE927A766903C28883714872F93A14A3FF51F34F2554EABA83AB3044460A892B3CC2F051BFCCC67792ADB9A906
          Malicious:false
          Reputation:low
          Preview:..._ys....U7%4......k./='..f$..........C....#F.E6}Qnf.".".0.\.@.jQ.a..AP...w.~.q.]o.bo.9.4.,=.m?......3.g..|..iT.......g.....j.r.W.6.(.25...`.~QV...q.O.I.."..u3.8..."=E&...m.%..dR.9..f}....'up.i..O.~..`..=...LF"Y...........b...?.6.o1f.Z$8.<!,.^..d.......... ..X2v.=.x...|m@J0..a.-....R.,D./.... sBt..../...O......-7....J..q>.=.6.m...*.....5...F.bd.N.*...Zhy...(0c..v.2.S.o.&.D....zA.|.e......RT}%].'1l.T.-,4/..O...@.J.........w.8o.Uk?=...Ui.....e>N.).....krl.]q..D......8..$.....Ly.j.vU^..B..^..N\..]5..Ks.7.7.0y..I..43..n".....!..S......g.eB..m.,.I..*A..G.m..e_.!.s/...Rd.....zE....S...o....).H....B.....=..d.+...|.7......6..<.n>G..W5y{....o.."_...Y"n.)).E.vf..zG...LH.......N....XP...+..$t.Vy..|.z%Fq...vr..G....z.{........q=&..(...-...xS.{...`..V4L...[EQ.....T.(.....x.sL{.J........gX.bl.i .z.A4.:.`F.h*.......`b@.. ....!)..!._.s..w.."~.....d...>;....V.7..f.....G...0...../o!..?'.....r....2i(YZ...$-...*...b.e_..1......C)7D.......L......y6...

          C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978685632037596
          Encrypted:false
          SSDEEP:
          MD5:57CF41DA46A9A5A76957D8987B921080
          SHA1:A92B8D315C78EB4EB6756ADA8ED917D2F8DE8F65
          SHA-256:A8CC18C41579EAB28090CD4B25BBCF80E36F42A5FFE9331DD376A2CDDC636D31
          SHA-512:897DC1885596BF58CFB929B9345F4DCA6DC5D3A1F29E759E0A86B9358D7E6F976B35637ADEE29DA1D5A7E4182891FAFC301F37D7ECD1760EEDDBFEE77329E820
          Malicious:false
          Reputation:low
          Preview:.[.L...........!.....=<.F..s..VgM.A.7.D......CN.._~5-.&..L.j.PVnI..6.s....xo..}...).....,....E..^...[...._......+..W.Tx....uH....)I......8.....!B.2?`........J....0..0..m...^..uB.k..H.....@/..r.....)P.......g....O8.t....H..%Gg.T....%.Km(.S.L>=tO...|.....S<..!IvI.3l.m..^.({>.9.K.AYe......{~.N.J.2..........U_....?.9...v....v).Z.h...y..@..u..8.=.5....}........G...L....d........``j.............]..M.J^>{.v.....t..Q|..G....h.j..&C.R.{..l@.. Y_.Y.&........<8.4....A...Gn4........H.}..9.....,.m>@....h8.4..j.....j..ZF......^%....zY...Nf...k...^...HA..KM.th~.^'........PL.f...d.Pf),.tE7..A.......Y...#........r......A........iF.z..B......P...F..U.3xe1.../...%..G...sp>.....8...P.....n5..,.Z.........E.o...g8.L...G.NZ..F_g.(j.EWd$....{..Ni..cN.$F=.S........ .!...g.q..%..)e/H...j...k......|...?;:sUgl....Ga....m..+............)>......lG.:.1..SX..L.l.jX.BP.^.........B.......i..8.....h....*....w.#m....:MRB8.dL...a..MK.....mi....4%..&..}... .%*/-.....^m.

          C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978397319018383
          Encrypted:false
          SSDEEP:
          MD5:9BB06764F7E5621D0E172E24C179A8FC
          SHA1:C794915D300362963F55E1FA5DE04A8D69E76898
          SHA-256:C728E4D4530BDDDDDB1D37CC3A986A9D5D0AC1342A37E1EC995819A212C9ED62
          SHA-512:2B8DDD056E85BAD9BD1E6C90CCEE6FECB1B16BB2D6CBF6C45F6EDDE300194F7F3F4A2AA399157014C533F82F5DCD635905EEC427DBCC23A2B8C30A94948420AB
          Malicious:false
          Reputation:low
          Preview:........d..Ut.-tJ..u.......s.0..4.!.P.{.P.!...M.@.,...^...Y.W..k.m.......t.L.=..L.40V....= .~>dF...p...'k..t?..zc..kD...V.{(.U..5........CbU0\7.>..E.VS.\]...$..j..E.Bty.L.Q(;ij.t..Rg...RA...DY...@...:...e..}.#...2}v...cD .......v.....[.'..2...).. .2E........g.q..z...&.U..D....B.x....q.K.....:..;r+2.zH.,.....a....3.|.C.B....}...........+.Y...z."E-@/..#....R."..j....J...z.....-.h.'.0LX.Y..l<..V+t....%./..Le.{n.K_e...{...e\.T.1Z.s...x.3.Cy.?.....l.W..P.....K$XA........P.O..........x......0...0.hG..b./@i/.!..9-.*3..4...`tJ...........q|K..@....ke.P.......=A0mt.... X<$r....\tx.. .V..?}..{....;...f.>..].BR;..jw..*.AF.?.OK.7..(.9A..ze.)....i.8S....8..+...[.:...:..H.l....2...jb.....pq-.f........DQ.=..t..v.;.;.]...$..A...b....NSVv..+..G.:Au.|/.X&.j.....{.......F'.R.<5|..o.:QH..OZ...4.......K...;.......s....>..A...H...a*...R.........c........p`.s..[l.\.N.l.}..S../P.v..T.W#...hn..\..c..\...jM..#..."\..O...,....^%;VZ5.o.?H'.@P.1J....*..8..

          C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.975033621729426
          Encrypted:false
          SSDEEP:
          MD5:FB140B059EC37D988CF1AEDD257E81B9
          SHA1:A915AF1597A5D3D1050CC1BA0F7EF144233D6C05
          SHA-256:FBE8636DF7040A75B15F4D5F0D74FC1DC66420F662C94B94BBCEFFA7B2B57014
          SHA-512:9EF9C62C631F17F0D1CA1C776336D9D6ABB6CE8106DA1C1340BF4F5F9C433B67318ACD8958F931DD9403C79128D77D067C394172A7DAFDC88B4BBB3ED80B3DF5
          Malicious:false
          Reputation:low
          Preview:..C...A...F..... .m..Q.....b...1.{..`..Hx.E..I.{7K..Q......vl@.{7>+.!..Ei../..=.%X.~..../z.<..8{.B..T...aC.2..f..z}./.q...M;.A3.C#.J?:.L..,...)b.T.a7..\.I.........v......3...9..g.\!0;&q3.JG.A.f.b/q.b..:.....X.|.m.3...}.j.)jY}M.I?..M....e.f. ^1...G...M...,'...W.^{...u...*..E.e....\.d...9.N.....g[.........g..j./.b...y..QG.......?u.........kMx..cd....,.i...,..h..H..:....Z...~."...y.c..~.4......n_Z.F3?..*.4..{...../...9......>P....cG.....6..H....q....J5...r$..Q........e/.o.<..Dh.EW.i6&.O.xP...J.I...{T../.#h..\U.%2....rm.k....P..4.C..."~.$7;~h-.Yj..r?......s...:.<..d.w..P....w*..M.H..X12..3m....~jQ|..V.....Yl.X.vk..>+..U...s.......c.)sh.*'.i.S.Xy..*G.?.\OL]..a..|.-...~V..N..Xg.3$.?.&..U......).dq.....r.8{.....@...u...).0..&6.%.D*....)..2.B>.h...v...&........i..m.`.......Lx..Fh.!...:j~3rn.....Z...(.c.._;..{@....A..Y:....7=...q...._T..;%i...k.*z'f........[.+..A...V2..T`...E.._{..y..w?..N@......E.^M',..P.H.M.Y....2/...{.m.K.!A.PT..NR2..).....,

          C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.976961899162028
          Encrypted:false
          SSDEEP:
          MD5:1389EC691957CD9D70AB9CC8EC23090E
          SHA1:6F0C37CDFDB6CA40DF73589F1B927861FE13A427
          SHA-256:26CEA80B2A7C3C52F67E3CC4DA9022747F30052C87EA11D5FC56E80B1448469C
          SHA-512:2A68C15D076BEA7281D73A9A101F17787282B2E559348E8E49EF0B0DDFBD6136BF85156FD36337BB0DA9AAF7E43BB7F842780A0960871FE606B93DD1068378A7
          Malicious:false
          Reputation:low
          Preview:.zS!.:{...G.YK.|R.R....b~q.T.]....I&..T..K...*...j.=<..d_.ed........{..3...-I......I.....?.`...`.J3...d\#</..!F.C.....U..84.z.}.*-..(....4...Xxkt..}...~B....)t.KOE(_s..`....:...I..9.[`.b...3%9Y,........~.vt.o...`AK.4.x0*x[0....D....y....Z..Zc.y.05i...n!_.....Qo.Y..?....H........A]...U.z<.[.......|.c....y.%..O.....h........E.,....&...3.cxa.1...D.i..l4..:....xC.z..""nH.....oI.EVRo........L|.....g.. Q.1..%..g......Z|LP..T.H......TW3IJ).2.....o....x..9.G...~..r]..xWd...!j.h!..7Q.V.r..r...c......Tp\.Yp...s.hy..fX..../.y.k.X%....N.......|..8U.....*2....v)..HB..',..'.s.B..S.d..uw....wf?..RQ.".9+....d._.E...A.Y....w=.Br..1..1.g.'6mn.HY/.a..R..[...z..d?.3.G....I.x...`d.W.j..*_.o..."[..(...3.6...%].....A.n.`.jJo...$9v....D....F.a.X..).3.W...$...+?.O4&D....6P.k.7.~i_.c.s.&~.!x.......y=b.W....7.W.r..0.V....:...Rx..t..=|..Bd...bK..#o+..+]..0Y.g...+.psoR...&^...#..xs|TQ..gbDRbo..3.........j..L.^.jp.Q....R+.{...=.U.@h...B..._.g-e>.S..K.gbw...L.=..o

          C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.977000437730058
          Encrypted:false
          SSDEEP:
          MD5:A22BA66A88C57B4B9DC1C867996B5EE2
          SHA1:09B581DBE8525D5A4B10C59840644B7AAF07C5F1
          SHA-256:1733528918B040E5C6BAA4575010308D89C8D4ABD038298017518889175A4942
          SHA-512:0FF5D40F5C75F74C06293A98DF520659CB6A3649692B822C63B55E303DCE22C13C6D7FD991ECA519FF77DB31A09A37C05AA1957C6B1B85F77A1C68A3BCF9545D
          Malicious:false
          Reputation:low
          Preview:9-."R............cb../.9.y.D...Z.3.........-U...*=..d....).[..Y..&..~.<0...G.....n[.pb_....[..\O..T..g.;?.u...L..t...np.aQ..+..ie......;..:P4.....,*.#..U..;0e....i..-.}x....../?..k.d.D.F....Z...f.9./.. ......@,g.T.=.E..Cw.S....*.P..t....u....TH.P...7.G...Exn.O!.eVV...............-..4..L.=(vB/..%..eaAB\..6.R.;I.......m..$2.D..%d...<.u.4...{.Kz.......(..FKy....S..........t.{....!...B ..`.._..}..Je.a...y.ah.#.Y%.J:.@..r.X..?\..(.6...pX... ....tN'.=.is.|.^.H..k........2nbq...u..j....=.t..j!.....cI...f}......v..xV.|.....:;.b7..H.."g..k4>.....u....Q..9..v.....W_.L....N9...+JC.p.....Wo..`..y@..M"8i..3D6>=.wo.x$QV\4.6p..y.[..o.]...'.....O$..(9e=..2D.KQ.. .~.&.m.w...J..R...~.rYA.D.-..76.lE.P.mPw`.(..^..x.p....:......&.S ...!M...wT.uw.....%no.4M.8....R8...)G..z.k.............._.w.E.4...U..+..Bb%..[...v..k.>.O..5....[....K.)..N.,...y.......o..=rb6.M..6.n......?.p.......q6.JW.;.8.'[:/a6._..3+....#..2+.*Xs..nj..J...~.&...w.N.(..<E.x..c..w......

          C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.981357757984806
          Encrypted:false
          SSDEEP:
          MD5:79DBD69D51356DDF0D1263468EB4A5CB
          SHA1:94C9F2ADD7D11CA3051931AD8D2F62A515CC82C7
          SHA-256:BAD4AB6BFD5F2845C7D9FF0B6C5A6CD42D7E723D1B76410395C7C2BE1F17583F
          SHA-512:A2E33BB6A6DFE197B048330A8A4DDD0F4A50352E683307A0A030018FD039FCB27BA96B57CE49141694263DF71165E2138784C30AD6D71C625FE70263F6C12B80
          Malicious:false
          Reputation:low
          Preview:.......+....#.p.S....o@...F.&.{#.=......]^..8.:$..|T.Z&...x. .m....\~W.......E6.....}.uc......C..!.@0'..s.....k..'.l.-.=n.(.b..Y...d@.5.>.+.0.&..B...n7.DN.) ..\.8....<\.i.......z,p4b.4~|..en.(..MiwZE+..}4:.`F.#...8u....m.`.....I.....l.54e'.B8...I>`}#a.Vb..M1.l*....n.T`........ .~3]....Z.)..[Q..... .~,=.Z..^4...>MT9...I:..F.V.........B......9E...A..#.....7y)..m...;..OX..C.k.......-@....d....!.p.s..@VA. .z...Du..fI.*....o.....2.'..|.\..%..8.&8n7...~..,q.].9....Y...Y...5......C......}IGK.X.ao9..3...^....T...an.....v......D.~|L{.-...A..QJ...^)..H.~n1....#v+.%X...U.....i3..!b.}...V...`M..+....4O. .C....8a.M:9}..g,.......{H;.3...}....3..C5......."e..F.......hj|......Y.G...A..Ui9...M..{....u..<.f.................n.r......x.n...c.8.....Ch$.qL....l9\......,K..}).........b...r...~....>.......D.#..5.:....(H.c....f.Z]).k<;C..]..(....&.:7Rg..9e..9c...(...U.QK.M@D&.C..,....^$.......*0).qw...K....xWK.rg.(./....r..s\.....,I.rAT...r....7T8..Z.Z..g.

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.980219454982713
          Encrypted:false
          SSDEEP:
          MD5:1945C55579CF58FB03DB46EBED24C9FF
          SHA1:8BA26CABF6F2B7AF9988552EB29F849571797DE8
          SHA-256:8FABF8B07713DB8BD1B43F77B3296D282F2CE351526E506C712BC38C5F0CC4A3
          SHA-512:79027AF545120ABDC93BF3E5314AB0489D94EE5C04DFC0B46AD90CD88C6CA9E75372CB73F86B780CDF655183D1DF19457037AA183CD48E192F035D58B771A38D
          Malicious:false
          Reputation:low
          Preview:..!V.Y39u..w..z.z...G..}.c-...}.t.9.,nR....ox...)..Sh.-4..b5... ..c.B].#.O...[.......OZ.Aw.fD.%k.../....&d...n..X.+..9......adA.(@&..N,.f4$$..,b.....+..[.T3.Y.w......a.C.^..Y,.......1J...?J0^.....I...33I.g...O..l.e}....A.Kq*P.*..h.K;......e .!.<..(...{S@W..<_..'...B=q..7.X....f...Za7....bnT...'[$u.9..r.Tw.vcy..eML./.>.....v...H...7).....;D..Tn.GG7.Q'cYuA.R..\)a..c......$...m....+......=.m...A......l.M...........X.....iV_..k~GP`'.3.10Oo.....I.R...3....G.z.....'..........f....L$..4.Y.`.{C......C..MX1.FY.....i.^...\.j|6'.......8Q.7.....xe..._z..Ig.f.......P.P3.E.......sDcLY.,.......zL'^..y3.....~7..X..m.()..`....D..:.$._+_K.+..S.mc.....g..3..nN..z..:U....Z;. ..<....r..G...9[...s........11..g...(b....\.._P..u.".C....<..D.!.....0:...m.:Sn.........I....%f..I9.&1......T;.nd.. !!.h%......(hMX.i..].....Y-8.^y.U..Uvh....g...l."...%_.C.".J.D..i.z.....!..NG........*/.,.9...o.pV.".:-s...p......d7....[.3...e......$8pd/ZUF.._.sqX.........

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.97841509611647
          Encrypted:false
          SSDEEP:
          MD5:B74A2DC83AFF9A5E2549CC47C2633EDA
          SHA1:FF0432989B82D011FA5AB4EFF2BC0C0222E6FE88
          SHA-256:6A937FB829DED20B4D48750845AEDE59179526FCDDDEEC9312E8A72EEB734FBA
          SHA-512:BA9386841081766BFEF0CF9FBF2ECDA3314BD7914754ED4A3E02705B7C0B0D45A76FCFEC0ADE79FC83EBBCE34BFBFE86A04B4DB41056B5805F38EE99C62554B5
          Malicious:false
          Reputation:low
          Preview:i._..+..`WDSPe.u,..~.L..a.L.b1.T....;x..i4..:;(.....-.......nn..cu!...`@.v.;]..h..E.b....)....O.<|B.....snekW~g....)...e..@K.x....4....i..b...I....g..L.no..#k{....[.Y....z......x2.n.,...?..........)h..,..A..C..?.p....:.8@...+...?...p.?*+. .:....=..........0QD .V...a'.p':.M.....w.bb.E..z...k..cs....j..JZj.5.`'t.H..........E...U..."..6...5/t..vwI.?v.y..g.B.~.-d...A.`.Lat.k..Z.FF...*..\..zpn..x..+u;m.Q...1t.W......].......T.=t....(~....M.P..vA.&..........._Ku...wK..z.t.....tk.jwjjP/<.;7....<".......,.H.*..Z.T.R....Z...V...n6......M..F\.^.D..Z.......D....jYTU.j..G.g1n..Z..2....p:.........6.,...;...'.......,S...{.O.p..!..kUa.q..fP...N..T.....8..N..0m....,..\.bg&g.......=g.$..z..*.y..?<=..v.9.y.......!d....$.|. .K..Q....U..P.,.P(...J|4N...1u......J..U8..[F.^T........+Z.....K.&.]..d.....C:p...........u...56.rf2jj.....AG.9.....57.%.z1.tI......^....+.I.~I..x..9...!.S... .....J..5R.[..A.=.h...+.......E.....#.....).......d......g..1.. ....5!Wn.v'Fb

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978738228967483
          Encrypted:false
          SSDEEP:
          MD5:5D1F892B6FB4C7479E72F01CEAA4F473
          SHA1:E044CFA7A6315E6039F4A40D7C7E822395D9C91E
          SHA-256:73F1FFA0C0504ECF10A3C1BA2B26BBD6D6D879A5B8344729672FC45E59C5A794
          SHA-512:D9A30415891E3BBEC1B18462EA909A6CF1169865F8723D7F71BF3C4D105675989CCDCFF78EBD41A858EBFE6FE9FFEA74453016AD607018065EA5D2892501BECE
          Malicious:false
          Reputation:low
          Preview:...d3[...R.A...<h.. -q....w.....?..*..)....J...Ls.B.q...}b.<.e.......3.H{A/.i...e].h$........P..[.7..C......cwH....I........n-.u.~N.fi..dZ..~=w%.D.....N'..u.....+..*..4<+.....B..~&Ln.P...A-k....b..0.SE..ZZ...FK..X.....(..)I...8..A..X7b.l.?.z.N*..x.W...(.G..O.z$...|.u~T."~..'.W#..x6.f9.8*m.F^^.D._PR.!..J.L.....s+\.8n...L.cu.2$R~..(...A.-...>e..S......}..=y.!.03...*.J[.,.......YS.~.6.../..B..D..U.V.b....s..@.,.D.Q.%.j\Uh.F-Q.O......?.....@..........M..?..:...Lm.[..3..1.*..Q.....r..T.#O!_..XS.....:......]]p4....._..+TS*.^....*.(h....[X..d|..W..W{....V..`.....~.Y........Y~..-H...X.p.Q@\Q.....E....n..U......5t...j=..Z.;`.......h.^e.(.1.=QN0...1a.....F.].{Q.....1Q.cR..Z.}...7YG..A.=_.w....PO.3.q..'..U.....}a.>..=V.2:.$..,.:....4.}.>R..H9..Z.N..Ap.....O'.a.......$V{..<Q...a.|..!.v...@k..].....o.[._.|'7,q}z.~<".6.@..lW ...s.1L4.A..o....h.U.....d....?.....K.t.tdwi.a...}N..E1.....z.Uw~6.=......RaV$..h[.....18.zN.\Y..;.I.x.]....&....b$]..GR....:.:I...gR{

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.977816448263711
          Encrypted:false
          SSDEEP:
          MD5:8A262A7930A993A24DAC2587D08B965A
          SHA1:4BB2523BFC1A8E580E80C205C53E527F28D13C84
          SHA-256:EE7A5C98487DE05A754340B438CFB12CCAC38A6E4ECD7F97DC4EDA53EE6917C2
          SHA-512:405541036F91ED1AE8E5181CE814344EDCC17584C6993A271816512A119C3A8707EF1086F3E43704D6BB0C8AB320D2C14B8F602DD102CC959B23FED2C911DC41
          Malicious:false
          Reputation:low
          Preview:W.`S.kJ:$.z.....V/.{.sN$.J..g4...a....Qg.&ve^.....U0.5.z.`5.....wx.P .M.$;t..JNi.z..i.....}......L.......Tc..,[...6'..8.U......%t.."..7F.Eg6&kk.D..M.%s....<+a.. .%.Q.......g......l%..$d.&.^{.....dO1.{]...?..s..q>J..4...............y.}].`. q...qk..._.DY#U..9.B ....,!d.1..7D....*.IS.kJdNYT$]...@..Ye...Z.....;...6....w.|.R....<.N..w..0....P..rvh..q/.Gg./...m`p.g....2......0.E. >..@w.{.6:.G.....z.....I|} ..P..H..g..P....7...K...%Q...[a/..TwV.."..U..B......Z.-.;.k.7.c`...K..t.{.=^.......}..S#.9,.Lr...g......N......'r.....h.W....g.>......K.8h..&.....n~Xg_."[.RK.e.Y...P..~.2=...9/.P..{K....e...&kn.,.~..MP..'M".;...*n2......@...?ah&..^...V.*|..".GD.*DL.:..c....t..+/^q.Jt.......+..>}:.i.j...A.....pT.%...V..`....s.K5..x........t<..W%c.&T...84f{.[.9n...e'...kZ....8X.....Nw.._.H+...Wl.bX._N..F4..v00s......k.o.,.`zWp..|.}.}.........d^..<FeuH..=\X0.q.:......Oq.cD*...pt',4M.<.....I|%>=.......qb.(......_.3.5].5(....W5~2.!W..oV&jV.C."........9.....GFw..+..#

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.977589139596636
          Encrypted:false
          SSDEEP:
          MD5:B5BED22A31E5FE824A6567398641912D
          SHA1:895539C6F1AB95F812B6444468807FDB81A416EB
          SHA-256:391C8610E9971EB0A762D245C601E838D471AD306657071BAF2624B02B44685B
          SHA-512:F0FA97C212AB4412DEAD8238FE4C979C68F1744D314A9B34211E97313845BA87E788C7F8A3F006E5C7045EE70CB257D524AFCEAC6F99ADB484488DC40F181D49
          Malicious:false
          Reputation:low
          Preview:.3..1O...(J..,...ND...<..3q|.]...G..X..e$....X..t.EL'R............r...i-..2........2.*2......O.j..#...\2...<.G.E\. ..g..I..5y......|.....3.... a.I.n.Z%.;l.F(T)..BpAT....j3.i........(S..E..%.;W..}...5...2/.p..=a.v#.&B....q...RC..y......+a4...-d$.k{*3...|....s.....4.....XE.=:Rt....8....f..nx....7.....\@x..d.."..,.2..<...8.Y.. ....3..QD>V...1....Y...KA.......QK.#....:..'.'k.A^.g.../..l....C.%.......P...ac..b.2sa...5.;A.[2.J9d.>.gE. .QJ..Q..f.....m.m......4.*.-mF........N=.o6...1Ww3..h[..Z.I.x.J..-.....=..b....N...q..z.....c..{.w.N.o.R6B..........k..|..$...-L.pZ..y.0...hJ.pI;..T.V..&....A....F..of.l.Q.s.Xr.....{.m.<./..*.2....w..T5y.....m....I]...~B.;...rc.o.U.......-....d...;m.3)..EX.w...0.r_.;..>J.....E.1..l.'.......M..p..<.A.l..t..m5.$..K...TG(`m....d"..p.._..5-t.{...Y.,,./Y.V4..=P.O_...$rFg.Z3rr..A.59vo.....n;...ub..U.{.1...\.e.zJ.....P..{.....<......\.S.....Am.q.......XH/........^J.!.a_..y .....imM".:3B..T.V.V.+...V.q...V.E

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978186477245601
          Encrypted:false
          SSDEEP:
          MD5:DD9F98C73C9A50740836AF590D17FB73
          SHA1:DBEAF40770A3189C41D20E2E742D1D31C2C8F58B
          SHA-256:CC2FF987B30DFF0F4B53A8C6F1BB6005D8ABD1DA2F93AE294E956A18033471C5
          SHA-512:118B41DCB2A0753996021E3FCEFB72EB07EDA1CABBC57333BDA8FC4ECCB96EC7815BED50AD72997380C27A6484400B69EE22453E37A5B1EB6804A935A407FD13
          Malicious:false
          Reputation:low
          Preview:.....{.....m......B.7.q.....qO.....A..DY..@. C...v.O;......*Y.^/^.T......IR.j.S9.-q_yY.M.".*....@$..=-...6}#..N..........U<..<.L2=.....|w..._..D....".JK..x.h....q.R.H.....*.A.aF".t{b..W..`Qa.(.p..`...(e..l.x.."8z.'.t........:....s....._.....v.s..".@.....l..{......*..$.<.4..7 ..R.)......*.......[.,y..B....c...W.68.xUV..k.-!r.?.gv.E......>^.....i.......`o.^.... ............._..!.;UD4.....G,.Fn.G..W...a..r.zG...7..(....^R.-.>9.f.<....(v.\.!.$.d=.........mu.S.@l^=.#E..lEQ...4k.r.^M......G....KO.(.P:......s).{.4g..&.............Y..q...<.v.......Zc....b..........h/.|..oq..q...M......j..........0m.[.....}FT.T.,.F.....z..rQ!....8.2.."..]..e!g.......F.z..`.^.G.7^b...DUc........_xf..<p=.....R:..O.f..I.sE.i.U...I...{I+.....D..0.",.JK...a_....?.1....D....(...k9?...O.Q..<.oS...Io1.E5..A.j7.h.Q=D>.Z.m'...d\.......l...A=k..47-4_.1:.`..P]u.J.h.|Z.-A|...,..l.~..BC.b....i.....~.....i.=.......C..I..\v..#*bab.B.e.....{.....Q..A"....".8&..!My...,...

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979077468848718
          Encrypted:false
          SSDEEP:
          MD5:FE50F29DB2151BA44626D7BF7BF620F9
          SHA1:BF153CE75408C367EDEAC0E42751AE7D839C7274
          SHA-256:7C9F93F025200B49B3FE0364E2EA6231394FB8DD6D694B34E58DD8ECD011A39B
          SHA-512:3491180A56F344A5071F3512306AF6037C240ACBB15C2D3DD6C598394492F7F0F49DCFB8C731474797892376CC4AD3C6CBF533EC2833420C919CBA642BD614AE
          Malicious:false
          Reputation:low
          Preview:..Q..1k.....i..,;..g.R.Rkd.O.e..._...{|r.w...KV....|.;D+g.....1....N.B..JKh)T...-.j+7......,.q.5...xt...@.ZN...s.U...0...Or..-....7...@uf.m..>..Gy...U...3R.._.uQFmF.&.Xa...k.]%..:p ;.(M-U.i....22.4....m.K..#.......4..'sN`..-^)..[.4.\y.....C... ..;..J......!....E..]&..%...g...}h.d.z../...35..i...3R.....b.*.g.G....n&_r;...?z..N.c(..x.....F...R}..XX\.a....9A.xN..)..h..r.+.......w.....9.Y.....B.\~...........a...exg).BrE........s..\a;.;..F.G.w.R0.A.....Z*N8...b.At.PM...l.).......@.P...B...,...T.H...U.XeqT#...J.J.!?..=.v..-..gIU.>.b....6.....p..y..\....w9.HnW...../...,-..u...~.SV`.I...W{.....=.3....dO.v..2O...FO.,6w...y..R(>>.i.k.SA..w..{,.[..XuN....?..V.]b"......Y.z..Mj.{.c..K2.G..[.\.^...Z&...../..... #._<..!..U.1.>..V...$...#...Wo.c#;w?f...a....d'.c...+..'..Z.].2@...)D..p..?v......(.4...2M.F1a...9..B1...$..'4.4.....W.r...w.^.9.....\.b^..D.g.)J.(b.u7.|H.&.=.... ..%....M....p.n...T.......K2.wr.4.j.,.iF...%..y...y....T.....B...!.....D..~]....

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.9789589307719
          Encrypted:false
          SSDEEP:
          MD5:D7D642DE036AC8556E73CA50FF094439
          SHA1:3A05DDF4E789456247C43124E9AB3ADCB89D1C0B
          SHA-256:5A7472E466D4F2D600902C23ED2C97DB8F2D0C4D44857178B5DED01B3D6FBCBA
          SHA-512:AA7CC80C6DC7894235A5C62A7D8F49F4FF53AA995CB5A24251CF78FA0AC5C0BF4E40DFD92419F248E08EE32C57C0F5BE2F3F1AAB1B51E5128EA3335D3155575C
          Malicious:false
          Reputation:low
          Preview:..XX....}.&..o..fK.........C...h..G....J.{..L.....{.UH.#d..tcXw@..X...E...^*....H...2. .X#...u.../....f....\...a..p.+@..W8`.'...4.......a.......\.%..W....2..R?..%.w.m...,..&\.h....pKck)?..B.".pnL...i...?p.?.;.[ip.O.m.OP...#..6....G2..\..8....w5.v........Nb....r.QV.B`C......@..V$....#.#~F.asj#.D.$F....Z."..O.;i...).!.>gTA}./_\....Kn.e.#[o.5A..h.U....f....?0k.Q..b(m........T.+.o[07...$..zep.*..........xi.wY...>.%3.zc.H.].|i.#..?vYM..i1.#...9.Z......8.8...q.8.G(2.2.c9...$..0.H/k3..N..4.*.....*Lcd.=......f....Y.a...>..-z...Y%.@|...b...GG` .{8.E.............{.4.O.....,....B.':.3t..r9.../..'...!...R.^\/|...6..1...q..~WYl..r.a.D.MT...X(yg.....;t.w<.....a.{...<.[...Q....c.).o.@m..m....1.@......@..cfG.....P...exr.N=.......^.#.Vyk.]s5..v..4...]..Y...T......%gn...9Vo.....j.x...._DK3..o[......Y&n..,B 6c'.v.J.o.|9...............p..B`.Wf.. ...dh.w..h....{uO.p.g.7.5.K....}3..w.R......C.....H.j....K...>=...il...d.....O?.x.......8...S.{......+..?.!i|<

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.977451595940806
          Encrypted:false
          SSDEEP:
          MD5:A93E42009B8243C349FFBF0D92CE7AE8
          SHA1:97B64E9C3944A3FBCAD40CC1236C22E7FD7477ED
          SHA-256:F1A15221EF0504694B1B53AD155F11FB49FD4A56CCF5AC49266874E381689575
          SHA-512:1F4111722AFA9FF17C1A7EAB93B293C7EB611F3B486D3308CA3366859D69C0FCF6A3254D7588BDCD80A87966BCF8AEAA55BD94FC3B0841B318CCED8EBAA7F483
          Malicious:false
          Reputation:low
          Preview:s..f..?......>.dF>j......F..(.f7..Y.3\.pn..,..C.....V...?f.K..M..2.t........ #...-.$a....=.U..48...3..#.....&...N..OFJ...uf..TL.r.RJ.....D.H..!.d...Pr.....1.J.q......p..^G........1..Y.+.N=......r.c....[;Xn.Gi.OV.yA...?.j.......M&{.Z..tn....]....k...$f.P..%`7..X...%9./L.....g...%.$...|..c..2'......`Y..P".W.6...B.....2n.....fB..tlt.e..5.|.k..$.g......../5{C0...2..+l7........7.q.~....^.x.....{t.[*o....J'._i...xp...X.E^l.............#.v[.....N...~....N.U...d.....e..G9.F..W..t.p....5^y.R.F...........gMOJ...O.T).iO......$.n....E....;....#~.6Th.@..l.&...P.............=#:.......Y.A.....3..U@.....c R['......b^.h..Gwq.......\.{7e.....6z.@.*1.....w...:...`P9....y...(i"5.Cc).Dh..(j.l.............ZP..H...R2.l....x....U+..PT.....'..a.&...8..b.h..xe\W.z\Ugic.2...x._..le-..D..&#>B.p.t.`.. .?N|..H....x..$...x.5..pt.P.u...A<.=..._..Q/..!CQ.C.6.......'Al..\..CA...J...$...l..XA....d`.a..M.......4..v...; X....?..1.......a../.#......Zq.7G ...2.}.<...zL-.L...

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978619109572434
          Encrypted:false
          SSDEEP:
          MD5:E48387EFA67793B92BA915DFAE81BE89
          SHA1:CE98217FD77CF90519788DDB856AA0C6375C7355
          SHA-256:D31392A8E23CF7484E38B55BE0C524E08FD43AFD7FD29E40B7EAB515419E1E7E
          SHA-512:747F0537186B0BB20A89E9344A6F08943EA74D4823AA6429239E0D8580037FD1F356660BAE610C4939B6A259398316F81EF8F743D62D2C210012281DC4F02401
          Malicious:false
          Reputation:low
          Preview:.Ot..OT".o..2..v.rcAX.8j=N..c.C.4.."...r..;xm.jv......B....."....%..s.s...>.<mp..{9.(.w.,.Tudh.^b......{...J.0A.ce;..h.m'...i...h=.(...|........&C...>..~..i.GO.......)B.....>.....6)`*$.%..!&a..s.P.P..T.7.@..k5E..^......y..1...c...|..Qo....:bl...F..;.U...Lbl.r;`/.}..........(...L.+L...$.....5....|.-.t&....\.(....t..B..2.....#.[.N....NO.\,e.Ci>..........D....s*...m....dA.H..|....$m.G.................D.R.e}(..K%d.F...`.R.|.b.u...yx......I.8a.J.l.e..n._4E....z.N\.?@.A.(....L+..Dr....[....[..9.....S..7....}....".I~...88<>.@..@....wwo....l.....yl..p/%.2.4..r...=...."..X....Q.I>./w..*.8.j.W.C......0x..C...0.r.v-.n..Q3.q'.$._..U.......a]h.DI+.D.F....G.......B.....J...[[..Z^.wY.H=e....}.np.,!U...u.....Gef.7bG..U3.).......O..=..,...4.w....\...H..k({...BN.T..0.DE..51d...K.N..N.<1X..G.x.[.2%.`.@o*.[.`...".U...z....*"..E.o........'.g<.+.y/.{...Lh..)q..ld..[r..&..r.z.&..~..)h....au.......0.R....0Z9.b{8D7P.U\9.Y.....r...O.pJ.}...s.9...1v..o09+l~.9.Z.

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979222992618355
          Encrypted:false
          SSDEEP:
          MD5:ABB301E42D50FC75649A9E1977B1FB6A
          SHA1:C68AA0FAB5FB1309ACB1AB742B39E492E4380793
          SHA-256:8002F028DA25E9ABEF6876AA78C3AD21616CC280685C3147F86E145ECF12AB9E
          SHA-512:FD3282615753836DBB98FCB6B9ACF0D1D2390263B26141CF401DAD15F34F3EBBA0CCFD9B47AE939ED517C87D28B84310F98DF0BF8878842D2E6D6130E2231BA2
          Malicious:false
          Reputation:low
          Preview:......OfE.{e.?.C..".6.../K...%..KWy\..TL4+...:.e.(y..n.H......".hX....Nd4...q+FMv\..2.>*..W..........U..Vb..m..V.......".....U...M.`5u#e.N..Dy.,v.9.....b...e..SB.J.<{j.}Zo..I..p....|%I.0.bX/4..'.....>.=.*{.(...J._.Id,W7qy.Ye......j.5t~~f/..q..&.2Y.bpK\b.F....q..\.......}..OL.[..6.+..'+..r"D.l..=.he....Z.@8..(.f...6.>..=ASR..7.`...s.&..x8... ...p4."B.....Sk.s:4Z..|...~b.^..;3c..4..;.........H..2.....:. ..&.Z.i...^..S.g-..je.EMm`.;.T.......c..\.A.C.>..+..GPYo2|S...0.5W*......k.2.0....@|v.9...aO5z)..9y.......*.D.`.u......J".O..g...F:.E.:z..xET.........3..N".hn..u.....5CS.r.;..T..E.O..0.cq...{.*..S..+.1<.Z.~..8..+...Y..i..n..%...;f.LH.q.~*.;.....7...f?.:.&.^n.Bng.Cw.j-...y..aV4GF.si..O@..T.\....._..<....]...F~.W..T:.+.\.1..k!...w.........L_.......1.6?...c..!.'........=7...b.P..>.m..(|5..'*.,\.M9....g...>.Y.-).@6........C/........&W..r<]....CW6.;S....>-$e...A5[!..>..R...p.....JT+.8c.y...P....s...q.w.o...*.v$}j^.:y...r..|...>..NG.C.;$.c.....

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.976799522207559
          Encrypted:false
          SSDEEP:
          MD5:2488F7BD48B3DFD42292BAA78A8DB16B
          SHA1:C6B06B38760554323DC7F39CCCB3FF583110A9A0
          SHA-256:6BEBDD24BD8128C92A69311B6B6EE066C61E5D9EA7C84B51B345461D1F648FA2
          SHA-512:3B20053A7E4FAA1E0C597DAD15616C0B30B9973C8178E48018C7AFFAE8EC0A2305662247E8DE1752328A476190B3CDE140EDC8901C32EF9E830D9E8E4FE25DEC
          Malicious:false
          Reputation:low
          Preview:.T.%1.x...o<s.s{.F..%....G...;K.H..eu..\9.j.-..{..&..yq..D..rnx.M.._..Rt.....n...DD....*q..g.<ambm.Sd|@Q..N<.F.x.......mT.#.WqB.+].'..0...\.../.....L*#o u.5.%m7...Jju....@...xU..j..'.......6.....g0N........4.w.[o46p.....GE..E..l.V.......&...x.....c.j.....W2.....}.....?)nq%s2q.t..gR-....'..*@.......+....t.m.K....p..;...O......p.q`Y2.6w..yf.p...$.w.y.`...J.T.mSL......T..P..".t..]i..q...M.W.F...ds2...^;a.a.I.G.]........[.V.E......i..x..............p..b\.u2../.../..@./.L.zD.._.w..j4...,B..*...<......;Zy... b.......x...Q5..C.%w.4.....l.m'..P..,9.b.=~..wSy.I........$...,......R...........Z.4..P.f...$..I...N..L.z......,]....3.x.7eP....\2n.;..}x/.JC/&....0.E...\.M.t..(...2y......P..dn....5S...B...}v....C..%S.5-S....7..0..O.c.Sm...b0....}...8.&./...!..Kd...H.?y<..2.&.......M..i....X...yf..b.2Pd.gl...A.Si..._...QT.v.@6....H.I,.M..p.mv<...../.U.... m..JGd.......!E.W,T....E.3...Y`.!..1...l.`.u...._.........k._.b.t..G..P`p.C......*...f.|

          C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:OpenPGP Public Key
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.9782516997023585
          Encrypted:false
          SSDEEP:
          MD5:B49F69E8F3E8844837E0BF624FC281BC
          SHA1:57AEC307F389959EDC7BD8F79F3DAA36DB521AF0
          SHA-256:548E5BEE3DDD9E8868A0695DC43AAE84EC56A4B4C8DEEC7D99430BC1E6B00D48
          SHA-512:C2418A6779D519194A1557C2F52BC677F09F01CC7237946E3F76C972EAF6B0C1B59DC7DE71CF582C5C3E5603A1BBBCBAF234B968FC1E90A59DBA84DE9F7B96A1
          Malicious:false
          Reputation:low
          Preview:.l.6.J....t.."....*..1.).......UB.@......"....tN.W..... .\Xv..;.....K)vV.....<.f4,..!..\qS!.......nv..*.V.`3KE........"..j3@..;.<...Gr...Z..........&<......U....or!+o.Y...x.*.....+.....D.Q..mu.)@.x..@.Uk^ew.v4.7.]..yV......';=..*{O......#c..".YK..).w..Cm;.v&...D../.8(.Wo.[..d...L.[.....xs.=6r...V.=.5..IaV......o..b.g....ZUuU...<..E.OM.3.<}.Ir...|"....QMWJ=}5.....8..:..(....C\.;%...$:-..*'i0.3s6..B=.?x..:.j.4.J|.<.E..c.g#4...kj....X.{.4.+p:#.r.KZ..I.Ja.1.....X......j.].. {..2.`.l0$.....[..e<.A..........G.s%...Q..Ez4......4.....^.^...6.yvF...N._..5L1.-.....B..-.. ......W..t.a......b.,]...\V.8D.:m.8...6L....}kc..S......._.}.'..,..B.'.6A...S*.cl.J.A...{...Y.h.....K.<....h.......`-.5.L..e1f.~..n.%.-......6..`.S~~.|.w6._....3g.......x..&.}....:.....(k..ke.5;K'f..&..ye..2Z.......f..$..........GOo.J8$.F.{.H.....?...9...6...h....%..V.S.8...f$'....B..v..'R....Z..:....P...?.O..k..P...WK~[z../.mg^...@h....xU....#.#....]....W..T.8.....Ml...

          C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:DOS executable (COM)
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.982774518312903
          Encrypted:false
          SSDEEP:
          MD5:8C82F7FA2681A0D9D946BA8DE5142E9A
          SHA1:4DAF6027260C50FA3C1598A82D0B1ABDED84C372
          SHA-256:A1F07A67ECB0F01F4CB6A617D9D0F1B63FB28B7526447C40A93ADE50E15B3361
          SHA-512:5296B0E9DED902C1560C09477B8B17D5CD7F0FE3E753287059DE0AA26D17302127816D2C5052301471BE44E38BEF45D66B3D8005315D39E4453428F3FCECDDCA
          Malicious:false
          Reputation:low
          Preview:...|gc.5!l..L.'.....C.G.n.x.`:..!l......JI.;.......J....Rl........|FL..#r..j.~..p.......y.C.<.c...9..i.1....x.$.fne...:S..Zz....@Q.G3..:..... `..T..`..${..B0..V.k..t.......,<.z:..p..f.k...Z%H.m,h.~.....o&|...x....%p...$..........'K.J=..Y.L...U.&0U..y.c.V*..*.n...#.G..#..!o.J.%A..Ix(...Z..`...<...a..../08..P.H.X..-...'..C|.b^!..]..."re....}....c>.......`}..|J..7....F.Eg^.....1.J..e..2mq7N......{4q......d.....c.....T.M..uj.........fR..A'0i...P.B...{.....+.4.Z......../'.dd./..Do..k..mN.3...k...Gt0.A+.jd..^..)+9.j...f..@.\..D...}.Se..%.v..Wa..A#,DL0.[.<..d.S..6j...@..#.`LE&4....b.;.U...H"L..........C..I.,...a.....s>.!2;....q.A.M....J#.@mQT.s.P..ca.k.u...%O..]..f...k.Y.$^ .....iV)...%4.=:.h...gwG6H#.r..L.g.......,.x......M.VC..jF....e.kdJ....H...&./...;.....F..Z-.......S...9pSq.H].hT.Z.[r.=....).q&.I......p sIn..1.:6..F.K..TD..<......@.}......?=...uuof(d.=.+.J.C5.C].m$%+&.n.KAU.*.6<..<+...cf...g0*.(8...O...d. Fj..A......e.j.th.:lZ....aLC.^..

          C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.977638618153337
          Encrypted:false
          SSDEEP:
          MD5:DFACEC926883C22B3F3F8F7358BB192B
          SHA1:C7BDC3ECDDCEC59296E580F2666483A72658749F
          SHA-256:3993918BC5EDE19BA3E80ABDC8B5223734DCB1481CC5DF28EBAA288F7267A9A3
          SHA-512:87BA954A24F205B2514C1C9ED60440283D53F09DAE91459B62F0E7A5F57B724177E5211472F3D473629C1E0BAF3C13B14C1AB90007C4D8D06B16AB4B26F77703
          Malicious:false
          Reputation:low
          Preview:O.U..)#.(F....m.g..HJ...z...a...t3....=...#...ln+.#..2...cc.m.+R}...........o!g7D7..T..F.>.)9.<.J.M..l.-.E.......?..........56...vM{..s!(....9.z...'.o....'.. ..vY.....e...uT! .i`. ).......(...2...._f..bN.9.T.D...U.j.^..X$o.BZ..n.a..!..*u..>.+c8S...OE.nx....e..YX?.~...9u.g.X..:[{...{*P.....7%@........]....'.....i..xx...Kz.~.F..}..QK6.L?........K#@.G2t.TW..?...7f.)IZv..K........-.(.@....x..........G`/6<Z..O.Jk..7h..GH,hJ....../...hYl...'...bM.*1.....!+.h.+.;9*...h3&..?.....x.9..<1V-<... .9A<.........m...a....J...UL...o.....'....X.Xen..".S...I<.&..O...q.3..T..........=..R.Kz.....Yu}.G+.rd...<....9.Q..:Am..d@<..G.+..`...v..f.....a.i.H[-...]z...^.o.i.m..O.<mO^......(.iB.m;J]ZU.G$;D.........&..W]..1.Uo...d......9x&.u7..S..f,y...g.....)\...O....C..b.J.b7...9....9h..{S.q...rk.9.-_Mn..+Y....<..e.U.....'k...c.yu.v'...T"........;.........{....j..3..pJ....!.;..X.......p..hu=..2ocb.3<..Zwn0..e...:.dteL.)l.U$..&..9...w.4.O.f%..w*........og.I.A..G.2..(

          C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.9789886790181335
          Encrypted:false
          SSDEEP:
          MD5:1CB92C6DC176790FA51BD8E2885D7B20
          SHA1:77BBEAC43AA9422346D7A956634A2D28D6527786
          SHA-256:19C860D9134DAD45B9FE8C8BB2DEF769036904819186183FD839879E34B9A510
          SHA-512:A0FDB2775129AF88D3266AC9C77C98108564A8FAC36786DE23737AE1413774F4F4876B272C47BE25022DD395EC9BD5B37AD77D9A2AE1354162A8533E961C92D1
          Malicious:false
          Reputation:low
          Preview:r......l$.X<....y.~k.b#....eo9.Id.P."..k...C.\i....<..m..WOD.9.P9Hor.......]...g|......7..:.UhB,..V...[R.V.!..A.....Q.S..0d..u.5&:.1....L.......-.K..0.`....6B.........+.T...8..3..r.[F.....Y.:`.gh.n...?.Q.>}..._n.u.R.....T.v...9T..J..x.|.....Z....l.7s.................v.,qI..Xh#.y{.B...2....G..........P9..?..........H..A..1......V..E...an..A ...J..'..G...W9(?...w...P.a.=.....I.Y..j..6..o.l..*|H....b'..d.E.U..v.Y..L.........h.......}m.....w..>....827a.=...Z\...\..zl.<. =..bB#.|.!.d..#.i+.(.fXv...}f.b.J6.E....W.nw.....9..J...&Z.z.s..`|Ea.Hv....G..W...g.l...N.^n.%...n...o.....";.....Y.0.a...%.Q...?..|.M(.h7=si....N?.>gT97.'..Q....,.....mm0..sC.F.....X..4....ZQ/..#.+.!..L.[ ...5_...J:..v.0>.......b......sF..K.V|Z........h....q.....3Ve(E4T.a.W......f.-h.^.Dgu..T...W..IK.tM._7..I.-.......P8.83.#]./.{]W.....8..{B....g..9..-..&..6...........r....K_[p...q..\.pj...].V.w.....H...F.......x.....o...*..)..4....$...d...2d..V..-...464.|..

          C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.978424614289238
          Encrypted:false
          SSDEEP:
          MD5:487A2CBD757A2FA2DEC201DC1446033B
          SHA1:38AFF5821E968C55EBA6D39A6A6576D433A0CB9E
          SHA-256:A4B07BFFB912BC38B58EEFE1A61818F86C12F4DC1483E51EF681A136B2CE299B
          SHA-512:A5CAC1576C5C7A6C944718AB95BBFBAC87794F237836BEA45CFE6240F4741A71124D1D308D537FC9DABA68BEDC3CCEF7F1F479797FF8EF921BFFCEA53D8BEC27
          Malicious:false
          Reputation:low
          Preview:.y..f...Z....A..z..p.p.b..<7.?N.+..c.... q...2Qza.-r].V..m.O.7.D.@..Z.X..\..8..~...%+.VL...p<..2._.......=kW............(....R1..1.j^..1....h>s.<..+.:.zY...Q.....4y...+.x...h*<.&...b.........+..#..........#...O...N6QO..5...D%f...!...T%.. .PE.%"w.,..w@p.[.....{.....p.........xr!..3(.5.0yd_s.|..c.].S....E ....T`.1....>Nw...|..p.[&.....F..R.o.+Q.R2v........]........B8.....c........_.|....D.b....L...;.E...'7@~2..{.@..n5..e~.{d.M_...?.9E-.]..5v.=&J.wn.Bu.......j....f7.;.=P5..B.k..........:....G.;<Z.qIe...H....R...........B.:m......$.yo5..R.Xur.k..ON.."...;;...r..8...}.Fo...^t...D..3.<.6..b.Q.n[...d...!..J.W..<l....s..z...].Y.M. .....pKm.Bx.:g........?CI..-.....V......Hb.<...t...Uz......x.P7s..:.e.9..T!.Q.....K*...G:l]^...G.'...hmo..].P..@.../.{.x...!V.7..lr.. .5.(pT....j....w.%..... .............H...Uv..X.0x.r...,.....Y.t.../.....LQ..H..S....]C..l{..._&.<....d....Ku?m.........*...|z$.+...S.._...@...8..........$N"y}..4..........pW..H

          C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.979755532877988
          Encrypted:false
          SSDEEP:
          MD5:94A6C5DEFD598BE88BD6F373E922561E
          SHA1:8DD84746B734DE199D28EFE062A26712D6ADD2F3
          SHA-256:10B318A5DE31DEB7220DCB85CE2E4E9D7243C64E8A96F8A5E8ADFEEA3A970A4B
          SHA-512:B10ADD53CF4D009C4937A407896B769BF68C72CF5BB5A9DB722968A4A38BC9CDCE27A43ABFD86AC5F37CCBDE6F18ECF07D8E41D0433EE6B0FF6132768A6182AD
          Malicious:false
          Reputation:low
          Preview:.3....C....Y.. il........I..A>.c.e3%..A.......[$i...S....7...$D.H%.'.?...k....r:.EL..0..b.?.u....Kk.._1"...o.O....k.......$.Cu.`SN..a3P2...,>.CS...Q*....z*.h.4...8l.&...t+..s..p>..g8.'`.+....jK{6........t.W...pL.sa..(9....z.Ni(.....-!O.....jF..Tx3#m.;._..w].8Ut..kJ. ..it:. .....{.m.g..X<q"..1...q.b'.L.x.n`.....-A.m..>.P... 6X_..0Y.u5.P}.....c.,..iK,..y..pc.=/.3.T.{.~>@...(..*.pzq,.f.o.a...l.@.\.Wfb}s.......|.d..O\..B+%.....^x..Ph..Z..;}...$...s..8/.B...Q...`...y3.9c...G.-7..0;......*..#.o/F".~..b.z.8....U...C6...3W.&z..P..;...l...>.....c....s...jzBr{..\g..... J}......*...V..S...5..h{.*.........Lp.o..|....R..L.Y9...o.@I.|..x-.`.s#.O.....L..k.......+...t....YJ.+..q.7.ot.X.$.t...b.ty..v.S...$.hSy7..Uy..]...]8..U.B.*..~.BQ.k..o...qH.r..39....?q!.q...]m.6R..ia&..0..?Y..=q......$.t.!y.^...h.q.?..a:rE.......I4G..+.bM.^.I..+.'.D.~.....1M..~Y...w!... h][..MY..R.t._.s4u~.3.B.8N.1X..y9..=./..~]..]...j..a:....W..i.&c.d....(a.|N...V.....H.2..:....<.|..

          C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\settings.dat.LOG1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.981009736265832
          Encrypted:false
          SSDEEP:
          MD5:D0A71513F2A62644A9419DE9B13E40E2
          SHA1:66E7659D4102B1B316D0F699F8B515EA23FCACF4
          SHA-256:8648339311E5F6BF7BBAD4962AC786924EC8076D13B5A87E051C730CF274F858
          SHA-512:EF61460A193857805377D7046ADA44724C28498E0D07E565CD8404A1BED46AB3F436F8A69363CA7E5521B5A8A3A48CC3CF60020A70E49A83EF2AD6040B1D5AA2
          Malicious:false
          Reputation:low
          Preview:`.h.}..Uw..@.M.I...J.......&j).. .$7...4....8.. &......P.W..5d.g...Ki..A..2.U.....c...5. .P9.^.z4..!/..I.:...Y...>.l.>.'.u....6.XF........!.....[.....9.$..9..Y..`.....#..X..3...vtY..6a.VC^..T..\.sl.H......rV.T.r...]M..j.q..[8.7;y....r...=.....z.....e..GJaj.:.....8.............DF..D..Us..^mb...'.MR|-..v..I...ZGN..Q.F..R...8e..j........Nd.;.d.......O.o(.5.Q82..5...-4./....}...t..F......|e..?....WM(S.T...v.q&..J...t@~y.K.z@......h[..b.jc.{,....b....SVVv.Buz.I7....C...v!.{ZD.,q.~X...W.e.}.qW....zs...N.:.}.Hl/...... i.f.\......+............!.Kc.;..g...... .(.Z%...&$+..<c..-.*.>.H..h(.G".I.OK.n">(.%`k$..M..z,............y.N........f9N}.o.Y.e......M.g......d..6.d.RO........z.gK|......uh.-....@..C.&<..N.&.Tw..-..Sk....l.s$..v.R..e...(....I...&.'xS...9.....u\.A.L1.....=.....~.h..8.=..'M.+H..iA...`.!`..l.....G..[/?...5...!k..H{OIr4.$......[`...e5|s..6,..N.....0..)..!....+..M]f.|..P.f.h.O.......RL...M ].&V.\X1.+.x[l...%.UO....~......m..Y...$.N..ww.

          C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\settings.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):7.97986726033359
          Encrypted:false
          SSDEEP:
          MD5:3223F73E11ADD87FC3069018CD4733EE
          SHA1:D435EECD72DD1FE460C5C9B02E7838CC94CE2806
          SHA-256:4FEAA201145EF0BAF9D074AFA0DFBE1D3830A828B754BA855B4B96C3EE1040A9
          SHA-512:001CCB064681CC06462242E7549B30045DCDBB4023F3622B617C6300270B74A00B77332D56EEDDD66FF2D57529F68396AFA39FEA6D8AE9DBED1C757DDB8A091C
          Malicious:false
          Reputation:low
          Preview:..u....G.i.sD./u~1....,......._.wS..F(.E..".e.s..e....+..c.[!.....39....%Z..[.a..._.u....^.| ..I..6.#.5.#.....3..p..Tm.....,.s4.3.)./F....Hf...U.....n7[B....}..`f....^ns.../.i@0.@..(Qb2.........0.R.r7.n........8G.4...QI..To<T....\.`h...H..Z....t.<....#......Z9.......i..._x..+jS.D.."....W.+h....;.c.c/.<...Xu..w..d.@i.O[..a..Z...j..w.K...b.Qk..j...x.Y.Wc.....%..a..../.`..s.....)...kV.lm..8A....7/6.b=@.sL.TX.^o!G...l..9b.?..5~L..\]..c8......0N..X..2...ar...jmE.'...cF.....;.!#.9H..(..XCvY...).....M.sM...$.]..5.s.n*...{.......z>.Z'.s........E.P...0i.DR....*.%.c..q....J....?.<.D.1.........)..M..wK}......"z.5.....P.....J...jT...}.5M..(FY.......ib.W...^N...].H..B.[0S.g.j_..P(.D..P.$..$..Crt..CWq....74#Zx......A<^.....*..qZ.HS..(..Zf.....p~q.$Q.o...7\o..~.1X...L;.Q64..h......R...55....,......A.(......i.M.=..\T.fPl..j.@..X.R....?h...C.7.p.Ugw3,.&.EP.....&.... ...l....3.5..d......}........g}..2g.. y~.......><..|.s..?cZP.x..../.........)]..i

          C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App_1623165216694393400_05CF3E6D-8C15-49FE-8455-8D0F89D0C2DD.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):9584
          Entropy (8bit):7.980676140822207
          Encrypted:false
          SSDEEP:
          MD5:F7E423E119836BE778A8AE44A0690054
          SHA1:6718D9399A6074E6AA81AFCAD2C1B0DF53C6A3A4
          SHA-256:5700E040FF84C45D26CAE72BDFAE6C5424E3A658C2814436DA96922A487814B1
          SHA-512:23900091D17FBA5C08316E9012428E16AE66930EC15D6DBF6CD5746872B83804B4611EC0FFA8CA67598236B99F3780811FD71497923EC683392C118071396C0B
          Malicious:false
          Reputation:low
          Preview:$^r......7...a.F..N2D.......,1....h...........f(..8}R....*.2..u..2....?b..<../..v<_.4..w...R.oG.Oc..O^..]9.._.lU.QN.....A.....L..H.%.z......O!.........n..#.....-#'E... Z.s...9./.L..j......UJ....a...N.........N.f....!..,.O......;.....&*U>;...t/.........):.....M.L../.W.[X..dN ..X.[}.......&...+Oo.f.{...ja.v..^...R..C.Ya..tg..$.*9SD6....3(y.....y..H..u..o..w.........+.h..PM..._*.x.<c.....{......F!.,..tm/T._..Pb..;;...3.^&.l.#....~......!}..\..#O........-...3Jg.U4@:<u.w.e......C...x....Ep."...wM.(p{.21L....U..k<.k.6_0.........0O...#.....]QY....-\...o...jNUO.m.o?.":y^>.TPG.]..........1..L..T....)G.r...+..M.a.&......_.(...=....@.x.&.~..}.cP[..:....0o...^.G.2.O....`....'.X..j.....-.'..ty.0=...Xy....JZ..).j.c...'...#+[..1r.L4,...T.&9..S..X..*.....~..w?V....J......E..0..7.G...k.n*.K...7.bX.a{...Bp4~..M(...%.[..yk..:L.....b.O....Q$n..X.u.Xc`.~.g...8+&.9(.y.?.b..>6D.V.0....*8.H...:d>..W.-.q.?\.z...8....(.....w..rjS.\.[a...

          C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App_1623165191184203600_F688FB0F-9A40-4394-9E05-C5BA36DBE564.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):11856
          Entropy (8bit):7.9848120185634
          Encrypted:false
          SSDEEP:
          MD5:CEC38B43886D7CB5F4DD99806C0F8A19
          SHA1:A6A3839A68196A52F1988BC77E6B8C536F3D496B
          SHA-256:3805C100A39086F7251DDA36E463A48EE53FE1E71AA5914F49948CA783AE60CB
          SHA-512:2D3641755DCD9CF14D0EF131FC7E2045D3AA1DD80342D758C8FF195693D678BEDC927CACFCF448FF5EF6CE60147092A8D4CABDCB21AB909C6571FCC23A071C34
          Malicious:false
          Reputation:low
          Preview:.#..z.1..zK..Y....J....K@O..y.Ff.L&.2......3.&.....DJEU.6.7...r..v...h7..Z.v.f...Y.B...`......#PJ.i.e...m.3.t.......v.m.Ii.BUf.....A..O!./.......;........{.v.2.#.Q.8p1.E..QE...W...4...Q.xo;~.u........#dB-H.V.Q6.......x..M..B...H.......>..Y8..W.O...[..F.(..\$.'8f...w....i...+.\V3.Y\.._%.a.....>.....j.....Vj.0D......].7#.6nc....0.n.....z,.q..3.w......_..p>.B..R...EM.@..5.@-.L..(.b..X.n....!..o0.U..2..t$YKt02........}.T.....[.......w....7!..E.`.+..{..e.e...A.W....C./.-.C.8........k...qZ..Ua,.8..on....<.=..`.^J...2....n..........V..U.R......GVE....7.-.;.^...T.~.1.....J.pV{7..u..7..(...q*..f.`._.t.[E.. X..O5.P..... F...7.....)3...g.......7..*1..+.......,`.:......:.*..u..z...I..w.S.............\kk....Ph.$1.#OE.z....W.25...*.PZ?l.qh..F.....fPb.S.....9..O.....j.gsa{wBE.|{ 0.{E'.e.xG..m...6..E..qN.@...3j-J.....g.(2n/*.`..=k....N....#l..G.l][.!A.i.#*.kS....<....y..Xyt.G.....f.4:|...p......f..N..H.f.....2..X...9.~z..".XP0a4O.(.+xj.... ...>.

          C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App_1684319521621248900_724DDF91-E372-411C-9B24-AB7293AE20C4.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:OpenPGP Public Key
          Category:dropped
          Size (bytes):30688
          Entropy (8bit):7.993506282536217
          Encrypted:true
          SSDEEP:
          MD5:39E3EAA2AE5F8C9BB1FBB51F69914D2C
          SHA1:16B24A5411AC43103D9609CE08FDC50570C93D0C
          SHA-256:85B7498C5A87421DFAFE69F488215496687B4D731B6487B132327C619A7B3DC8
          SHA-512:9A07C9AD3A097E4E884E680073AE7D3DE177E2B08386CC1AF292FA359C9EDEDB99ADD36866780BC41B42289A8B2C1F16B7F8CEAF3D3FDD63BFBBCF40595DA29F
          Malicious:true
          Reputation:low
          Preview:.t.G.....[.OT..........BrT..o5..q1..A.}...NV^P..Jl6w~8......j.<e........*.e..Z....9...`8......m....W.r.P.\.z#.f 6.}..!.X..z...|...*..i.on..5.]...8E,l-~..&W|(...w..o.5...w?(.L..r.i...1..}.|.+z...hH.8.QEp...ga..s.v.%}QC....3.....]'.1....R..@.)..8...mF..xi8.~Th.j...$AG..M..e.:...`$......q[b&.Ag......B.e..:.......A...9..PL..t.f:k.=6..1...r3.0)..+#..D.ow....M.....BI.O.K.#...(.4.D}....@..[][.0..u.*.7.r.....&....`o..g&.7.2...v..O..{..S3...L../.J..;\...w..@....bv...c.p;nc.....z..6..T0.+...eMt.\....d.##H,...l-..._=.P..*..%X....o...&_.....Mj vs..3)....#R......MZ#AO..u..ho1.Ic.5......r.C..Z.%..q....b..*v.......KP....x.;..(.f. v...6..y.]6r...so...HS.`*../E....&M...0...eC....l..sy.B. .>.v........h.k7...........I.P.14...ZQ.~y9.i.H.m..%...._..............E..(h..9_vW.........Yn...<d.3I:Y....:..`>.~F'.._..c..].m..5K..MJ>...uYe...<.2z8..D....}YG.F.T^.-G........,..3.8._t.c.a.;.L.Jqk.d.d..3.:t..#.}.f.<..ly...AF.\...BQ.Ix.C..xG..$;...i.{?.YJ.8.?<$....u..8. D~.

          C:\Users\user\AppData\Local\Temp\Low\JavaDeployReg.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):720
          Entropy (8bit):7.681079580715608
          Encrypted:false
          SSDEEP:
          MD5:9C78F05E67D94F303B259D8E83390D83
          SHA1:2FCB3EBDF2F46775CA444FEDA92FAE3A500386A3
          SHA-256:D9D24C3C9814C943D2AA8815882F3BF53AA9AAB8BDD1760BF3108C66ABF73F95
          SHA-512:840F3F3BEFEE269BBB57E5ADC52FCFEC394A35BA7E0E128F873407C4990D079A6C2C66F1C1897256CDCEF4D02FC929B9AFCDC683470DC62386D665D0B0EE49A0
          Malicious:false
          Reputation:low
          Preview:....UE..%..]ySA.^].L....92....=...Z.E.q.....R..N0;................@]...d...j.'$..\.....0.......:.Z1....&.........]..&.'U....k..2!qi.R.F..H....j..7B8DB..-.l..!../KX/..8>.J..w...r.....o...6.,..L[.W...p.Z.]..'D.{..y..YB..Z.4..CN.._).4..@VZm..A%.u.<w..X.F1>........10.{..t.......{.!LpR(1C4.^.z....f.:.4.p...V+T..Q,.s.2w..Df....v..or...8.^.,.....7..l.$.h..~K.U..E....=B...G..4.1...>.....a7.x....h?Hf.9....I...o.9..bzj.....m....;..A.._v..j.....|.;..43...Z.B..Iz..Z..5.....I}....!...7.U....>.->.....p.x...,.pE..B.#..S....pL...~C.[..<..Q.;6|6B........7.ym ..d..aO.n..&.[..d8un.+..O;.3........F.._...s....4.t.4.2., ...l...g..*.@...E.[.^}M...G.z....7P...v?.I......;..K..\5.l0.........d.......

          C:\Users\user\AppData\Local\Temp\Outlook Logging\firstrun.log.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):912
          Entropy (8bit):7.748242353619448
          Encrypted:false
          SSDEEP:
          MD5:B493F33C3AC1254C5AB99C3A347397D1
          SHA1:FBECD3A752C43DD5174E82902B88EFF2FD709874
          SHA-256:1E048538F8B73B8891E9CB4BB539E0576E854E05869BE8B353F5AB5EEB5F88DF
          SHA-512:CD9D667188A2A44B4898A58BCA06F824E9B89CF11159177694D1ABF3E740167BBDE2503B4B043ADFE74F349ECE54874072209B037ABABA10169B22A1B5EC7B70
          Malicious:false
          Reputation:low
          Preview:0.x..".+].......'Q......9u...L[..1.......py.*0^1.Osd..8........n.h..$.;....1..S..j.;.Z..G#.&.....,w6.....,@....G[.<'~F7.O.s.'.S...v...............w..........'Rv...5.2gc....... ..X.G........UM.&.2)..q.|[J...o.:.=.B.IkQeR.i.P..............[...1......+........i.'j,......|.$<....iH.7...=..HFs!.......=2..z...PxN..W.....O..iG.....w.....6@.}...#eXq.=?.......l.1..&}..p.a_6.pNe......k..9.......f.v...P..R.bKo....t[.2N.%;c[.}.........yc.1t..k.N-.k3.]....,.l...L...0[<4.X.1vj...HO.\\Te'...e.b......"..y..............`...c.5.n...z...Gf.a....0..V...49CJ..i..C..(.\....;.B.FO..$`.%...n.`..y......`...m...s.&\N......9.....?^..#.W0$5.].0.*f.'...^....s.=....h.x..p.....?.15Q.l....3.... .......;..j....,....;w\/j.[j....{....(Y..R.B s....=..\..+.nh.k.....|...NB.M......c..T.L<..gI.0.b..I..EY......7.....Z..',...L.AvvukQ.....6..6......D;....!...2.%.9..L\qR,2 ..s.......d.......

          C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):560
          Entropy (8bit):7.571145324720038
          Encrypted:false
          SSDEEP:
          MD5:35465F34DF3C6BA44D2CAD4038CB4D0E
          SHA1:67CEB60D4231A2E19E54E4BC53C78382454DBA97
          SHA-256:F0FAB656F8A9721E706D18FEE65F574B0C0BE40267AB7EA7F6F52511B1E3571E
          SHA-512:FE60DA449A444E70FE93436F65D3D80FF40EFE2BDE8A9F6727D7477CEDFD3ED6E6FD81FFFCB58E85CCCFD93F4832ECC52D0013669E629C9E9454A6881FC95442
          Malicious:false
          Reputation:low
          Preview:...#K.b.V.w..U.t...G.y.-...O.l.....,...!.-A..B.W.$....b...........n....]R]...K..b-t...n.aj...}x.SfaM."......?. ..K.U......r..tn.C..j_....6p...4*..,.V...{.!..U...z..4_....[.=f......V....N.|....9JT........e..A;..\j..;,D.d.9...X....W.s`. .....!.Ww.....:..........ol.FXX+.sH....-.#...niKr..."........r......on4.A..i.O.....&.b......&5.p.2.X.NM7.O..b..."......,"..1.Z|w.5'_..v\.CU.U'.&..Y.#v....M.sv.m/.......:...|--..5r@.JuM..^..j...g........j..V.{.`:5...........{4..Z.....`.9.w5.-n.Aq..p'"..T./.w.....o.........d.......

          C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):560
          Entropy (8bit):7.547751290639499
          Encrypted:false
          SSDEEP:
          MD5:5F2E87CB8B02418BADA51F6D5DF8531A
          SHA1:287593D718CFD90270449481CD41456155E25734
          SHA-256:9741511A5E54A6522D6C9C67DA3DCC09733EFF272ADF35290469889C63F64025
          SHA-512:5EA72CF2CBEB2C59D72B86C7F24C577F81685B8EB4C6BFCA0558AD75E250B225BD68618E6BC9E61281A4CE0531851F11E52976BECAB2E12CB0A7620E32DB721A
          Malicious:false
          Reputation:low
          Preview:..e.F).I^N.....p.:dIQK..e .~7?..D..~9.o0...W!s..-X]A.....;.^......H...%R.*........@S...{h..H../.......8,.q....$;.m>6.......x.y8.f.f....&...N}..7N....m.t}...2..S.=s&..9K.[.....j.f../..0i.._.W....(..../'.#=.}.Lv'.[.<...^....:.*...>MC.."U..e-p.+>:.M4.....wk.."..vJ......L..zH...9.<>.+...p..yu.IiGI..s_.....M.=.cM.4..u...:q.U..D...j.dk.#.n.b./..i.6Ij.Ye....{.dW'm$.d.#..qw....|.............& ]U..n:rn...]'..K....^.....+.O...z....4:+R./HVT*.`&..+.>zV...D.R..f......`H.-WQ.z..9.A..O.@...S.+.9j|AXz..."......y..1e.WO)...}........d.......

          C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1168
          Entropy (8bit):7.831700088020917
          Encrypted:false
          SSDEEP:
          MD5:E5D85079E953C727889B3D8AE0371B8E
          SHA1:8E35454C9B970675402C6C29D983382288258E2C
          SHA-256:7A699EAB9C5025A0C9E605471C6C28A1F3BF271B603CDC573D6B9D579AEC1399
          SHA-512:F6C1DD4DD28E2417D07F32849C8A4219D9ADDD0386375294C3D1252A8B7CCB37BA3378C3A8A00B882565288BF98FAB6D4D63A07182DC0921D222735B8F6582C0
          Malicious:false
          Reputation:low
          Preview:w...xLR.F./.........}Ftle....jp.HhSb..A'.D..45.8(h.z..X..IG.(...C.f...}..>.>F..{E..=...z.......P....%...#....5.:.$Ez... H..[.4e....S..q`i.S(T...p1..Z.......T..'..w$2...../.S.LS..z.Gj./$y.G.g.T.e:b.....#...RBe.n......B9\M..y.ABa.....*.........y.s.z.P.a....zFP..g....'.Bw..X../.)/.o.?p.J.` m&!c...K+.....ZGaB.W}...O.|.)x....v...\....u..Y.(...E.0*.u...U/W..y....C..uj}.....[=...O_c...8Y..\#.............,.YCV...{..q..o.iE.J}.>... .../.'V..B..n.{Qq<.hS...|....v......e..a.[....mP...`g..u.....P'...".'.p.. pG.x~..4.#....2.Y.@..=..il.{.M......A.vd....y):G....x.Tg.b.H........R.JF=...eM.4W..ZH......5...+....8..5'O...3..&|..._..2|.]'.~...B......=...p.88.K.5.H3m..V..6))xp!..m..../.....+c.....2..^q..&.!..}.X]&.o'...q*0...&..`......S*...d~.EP...].j0.q.5.".R(x..-...y...D..iUQ..s.a.=.^...........^;z!.N...4t...._8..@.Z;OuB.B..ND._.h.. .i....8.$I...jI....K...Ap.O.b..N..s:.m..U.....Z..Q.I...C.=)+q.j;..q.>.........Y....y..}..).b>.\....s"J....lTq......A W

          C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):960
          Entropy (8bit):7.780114818809291
          Encrypted:false
          SSDEEP:
          MD5:C458EC9365ABDAD4EDC1F084E2EEC75F
          SHA1:1D9C800936A31DF265A25B65AB9CA1E196D5249F
          SHA-256:5B9201F4ECB2D65D22AA210AFD6E11366BA1A4D96454EB46C42BDCEAA1BC7FE7
          SHA-512:06BEAA686AD84D7A752B2ADB24A1693680A7C38FE070A1E52FC95833A8C182F21C18364538CCA7166F85F240A80482991FDE3A6C985AD2057B1685CD67B5F62C
          Malicious:false
          Reputation:low
          Preview:..2.x.Vn;.|.oH.2!..d...D.....".;..9.A...c.......j<.a&..v"...xK[..+.B..h.@...E.............f.I~u>"\..{.`..g.'....4dcQb.....03.av...`.Q.dL|.7......Sw..$.....r.........}..|.=9.{....;B...5t.a}tW.f.....L.....EIdUT.4`..&..Z..)..J.{v..~....,.4.R.]Z.HU.%.....(.$u....IE....S.D.[.:w.../0..l.UF=.`.....V..B;.. .vS...EZ..M.'.......Y..s#.,.+a.q.n..-.._.ZH&......<.,..Z.J..a.....L......JsT.6&46q<@...q.............ng........85..........a.l|.4.+......\aAoA....6."..}`;.9.3...1..>.f!V`.GpD.....>+-..PI....n..i6.x.#. ]=FR...K.!.b.....[;F..<..5lU\?.G..p..U.3...O.0.b...En..%.d?.g.(.Z"`......H....Q...H...........d...w..Y.b....>..m.~..b....*_.W4.-.C.5.Vh......<.]F..%z....Hi..YV2a..!.[IA..~.0Gr.m.Y],.>.W..&SB....0#...5;.&...."n....l....X.....%....\.)J.v...w^...V}..... .8P.`....]OJ...|.......Bk&...U.[9;,U>Q......Iv.{.~..1"....q..J.....kX.....d.n`nt.+../.c..48..d.-.....-8.iD(u.......Z..{l....HL....:.A5.c8._T=4.M...V0I...?.........d.......

          C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):10768
          Entropy (8bit):7.981277680716284
          Encrypted:false
          SSDEEP:
          MD5:1D45CCEDD0607EA16F3880FAE8378FE9
          SHA1:61180A12A6CE57B84CD24351B6F790FBBC33B2E0
          SHA-256:F383AEFF474F83E87BF33229235DEA9CDE69733D3914DBC615D8AFFD734194CF
          SHA-512:657741490A27EE7B8D0F5FF5174D8F88DEA05AAF10D55EF246C39DF092C7C540D8236A2C60CBF93B0EFFB2BE95030F183B672861CEE318BFB674E4ADFC076C36
          Malicious:false
          Reputation:low
          Preview:..5.L..eU.....d.tg...........SB=.P.n..e...s<:.....86.].O. .{."...e......=..m..k..........Kv .;..!...Rr.X.)TU...>P&.x.1....j.uP...x...../...>@.....P7..jkn.B.x.,...qp.....P.....VA-$EZ=5n.3... ......g.i...c...7)TZ.+<9.N...WI*M,$.v.....+7..C'B=.z...G.~..L...GC..42^.*e.7.'<.OUSk..q.`b.F8..1...d(yg&QU.l|J....R|....X-.Y.......1.05..o."..=..Z6.K.7..p..F...M^....lg...?1..[C..;..7li...v...DIp..d0g.....$.........E..e.{..W>../....k.S...Rs:k8...K.]..X..xk...Q..D.R..L.iB..H-.....r.....!...U.>^Ax...32........R.:M....a..J..n.]...K.8Y............w.p.Qt.$.+...qjP.\.:.d"O...\....N...D...,....O...{O...c.....]"tP......+......,...;.kU...6.6.h~..L.UF<y......|+.R.-0....-......S_.g..s.U.._..[7..R.~..p...?.2....q..<..+...!.....z.q...{d...d...".<......\h.i.;...<.v..R.."..b..`.K.]q..,H.k.e.C.9..^...8.....G.../o7*q.V.G~..Y...G......m"*^.+.U!o.........].F..Y.].f.u...w..|A....XIy.h....<..h....O.q.....U..O..x..`...`.uR.C..#..V.g..J....bF).u...?......I..7.1..j>....%{.4..

          C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):24688
          Entropy (8bit):7.9912464672630374
          Encrypted:true
          SSDEEP:
          MD5:C0D6CB504F0D9CB5E5AB358242559709
          SHA1:6C0154663054FEABD48C94985FD8F95F096777B9
          SHA-256:1CEB2814648BA9F873AA5288FD59B59865AF42AD0A4B4D9D740CF8ADF5066CCD
          SHA-512:992D48C4A175B4CE48552242E1B7047E28ACF98F8C83336B232832E4F5C1E45B58776D36C0A494C82A3688A582AE369D403D964B8AABC97E24B16A05B37F85E8
          Malicious:true
          Reputation:low
          Preview:.T..-...>...j.p,..1.>.........u..M..e...O..c...t..(........p#...d..>.N.S}l....3f.............+..s..bRh)..L..q..S..6x...07!a..:.F.Hf.i.L.4B.`..31.E.,^{.aor...F...U......b.n.'o......r.c.....d...........P......@.*Q.x....0.....s.+B....v'<..;+&9.R7@| ...l%Y....)r.\..K.j.....js`...4r...C......)^......<...P.n.....&...Lf..N......8.lsL...T)..-...c).@2..Q%M..t...Z.....S..7..a...>...0.=...dPf._x.$.2^..vp...H..d..|.....{N.c.....^~R.4.m P.x..!gU<......>.{........z_r8-l.i....o.SSj.1...>.u...x.td....0.c.1..2}0.!y^.......r.X6G..Y.I....2..M.X.w!..../Me....Y...FW.....`..7.7...."(.U_..U....,..z..<...5A......`+-[....;t.}..V........jd......@1.O'...(6.?...S...N...+/....}.m.7.CFT....`.g8......a..b>]..........(...\......D{../...O....9..,".......4...c..\/'l...nF..m8+F.c....o...V..9...<..../!.v.M...z..S.hiY......%7..3...|.P.......S..J..d.:....8....V.j.}...e@...:.*..7............5..Q:...}.K..\.V.x#~..G|........5.L.....Z'zl....;.U.R5.2.*.....J.3d[c.<<e....~.

          C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storek.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):800
          Entropy (8bit):7.766589583577197
          Encrypted:false
          SSDEEP:
          MD5:0F7B4E544184FFB7FF46C1445B66B497
          SHA1:37CE283C186225C166A6358A89E0C7D8E2C219B0
          SHA-256:6F4455C90B29912D58A5423789DB8B4AB164C9F7F7688AC0FA1ED0EE789777C6
          SHA-512:B0C1E9B89023749B8129FDEFC2ABA4B26B81528B31A8186147F4479DC0D31A5694DB3E0B04A0945AE104E1741CA56E8D4ECB9EAFED6CFBB6F168E3D730B8BF6D
          Malicious:false
          Reputation:low
          Preview:be..4..I9g...y..3./....:.s...Mp..3.*-VH`4.^...A|e..a..U.:3..{..........X........D}..Nw@..H..b@..y.x.b.q...V1...!..f......Q..).O......*./. ....b!.0......o.&y..D.zA..q.an....D.....2.M.J.....Keh.....S.!.....#2....E...\2.\>....p3T.%.x'A.+j.$f..9.{.cK.=..%.n....`..\.4......B..E<..Y*ml..o@.T%.6v..a.'.....i`j&$...x@...n..7.&..@...b-..Sy.G.pL..[.2qh..>..'.C.%.{..b.:......3G..5Z.L.#.S..X;Y..@......y.C.}....i...WK....q..L.atP.r....dK...............e.z$.^|i..<...U...G; ..'..r.F......!D.bR.7...?.......cg.....[.Z.,v=.9...jG.^/...F.i.....t(Iu.&6.L...........q..x.WZ..v?.7....^:*...WlY.o.u...w}aB...^.$q....P..]....T.%.......S.~.k.8.L.........ZV...].b...vp.?...Q..T.|j...?K,..5...U.d..*..r......R............hK~z$.{(C.........L.)~.C.!`''~....lh.K..........d.......

          C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):14992
          Entropy (8bit):7.987759257434225
          Encrypted:false
          SSDEEP:
          MD5:1826654405282C5FBD348A814F9B3296
          SHA1:21308DEAC829B1F1A7211AFF336E1314619EE79F
          SHA-256:D9B4620CD34EB3D8045EBAA370FB74CAC01FB9B0045310CD03E1445FC26704CC
          SHA-512:9E0BAF03BBDB3898B0FC942FA8002959054023898B2BC60CCBAD975996886C0C308C9F4AC8BA423D231E682558AD1A940E6ED270A103F1F065FB38845B799EEA
          Malicious:false
          Reputation:low
          Preview:(V.5....B.M.M...W.h...J#..f...(.EP.......t.......v...S9..r..w.......p..HHjj.!.9.?.".2.hC.p......O.r&lH.#.....4Q.sM.x.....B......../..3-w<27Dt........Dw...w.....w{.9]......."l..3.....Xi.....N...c:#..Gm....I.I..3....9J..`.)..p.(w.zj.j.3H".CF.&L.....R......q..9..]I.d.l. E...5K{.....u^Nl.....i..Ht..!Q.....j|.~..a.y....}U~O.....2.h...g&.\.UpQk..P..}.....L..Z..n.u.TQ.E.l....`.u.f...]..6@..P........8.H.....DpP.AY*..u._.}g/..k.....F.u....Z...j*..N.x.K.........o5.s..F.7`C...c......c...:...q:%.>.....d..@.#....1...o..!.....f.$...m...`..l.X..K.}..j".O.m..$...]|.@-.M$.Q..\tF..r.{.`.fM..zi..k..........R...pBJ.(....Z...a...OK RE.[1^...T...-v..LP.@.a.X...,.V.K...r9v.R....%..{...-V~..>.....^U=....E.:..h.Y..t..S.A...U..G..<.8.s..].k.%.......0..p.N.:..'./{.\..x.8.......yD...v%[....).]wH.n....=.L....5.9'...x.P..8..o7`.-.._3.5....J\...4.n.T[..p....~.n*$.....T.k..P.V.....dG...zI..E._c.#...e..$.....9..k.Z6..Q};.tL.K`.}......m:..%@{....R.Q4...C.

          C:\Users\user\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_7ff3f708-074b-4ff4-b2c5-fe065076e0a1.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1488
          Entropy (8bit):7.860514442819252
          Encrypted:false
          SSDEEP:
          MD5:D570408BF29B2A7296E5285FBAFA1A5D
          SHA1:F186FDCF1263DB7CE54C4A955C741F8240D4146C
          SHA-256:D4692913C1F452A06BC5F5B017F9734774A0AC70BF386A39DCF29EDBFB037867
          SHA-512:3CE9B72E319B4E55CCA92AB7B1DBCB5184DF7B86F757A6F891D0B6B879989370FCEA0BFA4D8780FF66214C3E60BB13A21D0F32E41484DDFC5252FC7BB41FEA0F
          Malicious:false
          Reputation:low
          Preview:....v.7.V..D.6i>\..A.7......n~.E...E..........~...q.S2~....\,D..9.X..B.....B.......?.a."...r.6r.,e...$...^..e7....`..,.N.+x....e......>.&5.".i%....Y...s.]b...,!@U..t.:.$D..2W..:,....f..H.R.B.......+"~.10g...P.s.N..+..$wH<\.!...1.ani,.@.h....?..F.....j8....I...m:M...q.P.K..Q<Un}.&...qV...E...QH.Rz.Y6..........&..Y+U..w.x:..SX.,..}..@.if.5..t..(g.^..<...c).M..ei....P'.|...f.C.n...W.....P..3.%6;s....j._..y..=y.Y....I...._X.C....h.[.......p?.D...mn........c0..N...&0..ja.=ZU\..... tJ.i."C....Q..N;.(qL>.n...n...j......;...I:7.s..{~P.13...7..Z..V....L_.O!P....`#...[....w\R...$....+s......NF..k....z.h...9..w}q.......(P6.].....nf...@8.l..&.W...1.....H..t)^..!...A.88t.....E.H.q:.....~;...&-$..9..ME.5.U..=......~].c............f..B,........8X..~.......[U}.,.lL.....T2g....&.L4.....wY..R.+.2...Sci..QaG...B..}.).?.....7u...]@D.p~..88....ov.9m.;..zJ..s.Mt. ^Z9k.2I...2.....(.....zy4L..<......9 ..sD..q1O3.i....K.h..".......e.....za.Q...

          C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):624
          Entropy (8bit):7.589997974702771
          Encrypted:false
          SSDEEP:
          MD5:B61293B114EA5083C71796EFF5145E3E
          SHA1:FBB6F0E8F17D0D889F19504978C33322F82CBB55
          SHA-256:460773096015190971225EDDC0719AFAF067E1C1EA02BCF8B515B1F5E9F7E05D
          SHA-512:2A5D7D85C52B34601AB979546B847D623986CE2674A9FF90D3969A354A7F7FEE0848254C2D842DF66755A20B8EC12B4FCF5EBA3641725568570087D1C64B617D
          Malicious:false
          Reputation:low
          Preview:.<Jxc.....7."..JB............g.......P.s.mc. .)}.<...E...y.V..5..l"z..A.zv0h..%....a......f..9.@...z..5..c.d].NT.;.k.u...S....g.85.r.v......I@......n|....9.....t?.*f|...Z..v......2..Df>.......1Y% ...J. ....#..?..^Ds>...8..M....z>~..n..M.z.....G6..!.....].z=v*.A>...Y..~..$7+e...s*M.O5R.|W_.gV7..E[....)#.!RR.(...2x....HF..0...C9..E.Y....:iBx..2K.w.%...._......C.....<.r........8B2.n...^..g....p.......J.+.h.M....e...]....L.<..7..S.?.B.am...j.......f...a.O.[!-...!..c9n....R...y..Fj.f..Bk..'.D...........+5..(-..fd..g../z ..`-.w[..0...M.FL...;W...p.....5nOMtF..g.z."htrCq.tSS.......d.......

          C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):688
          Entropy (8bit):7.686261033443999
          Encrypted:false
          SSDEEP:
          MD5:2D1DB5D039CD43641F636927E0B6E605
          SHA1:46E21383B0CC51D52F93BA76B0303335F489F05A
          SHA-256:7B60C281300EDD89C6B90D5A357D13E3541FE44450CF037D09F39DBF78B0D7E8
          SHA-512:7E794057D93E72E14A2DFD88F35263FDF6071912EB087B094D9DDAD5C16F2640CC532EE63E4C9C0A33CA1078049D28D1AC02CD142520BF3888C02A498D29ABFD
          Malicious:false
          Reputation:low
          Preview:.U.:........2(...K.....W.^/.B.~..[:.qw:MT.....S.......a8s...?%7.9....tm..S......wt.....q...el#P...R/...LjY-...nw....+,.5.K.\..E.6...;0.b..,......#.....j....D`...:....Roq.61.}..K>...^.I.......VK>...G....~T...@h...).z.!.20:}..|...j....m....r..*e..i.......1.....cY%{..J-tl....8.,.1.f.Oo.t...so.^..j._}....j..&.....S..J.+...).......~...N.w.......f..^.7.*..t.t.DT.qI.L..=..m...n.........k....Ji.".b..f....D..).22.QF.*v_s..)X./.D../..6).Z.5J.&HV...9..K.3.p..(..... .:.|.....`.,~....<.....f..vw..`b.f..[hJ(.Q.........]]D.....Mz.p.;.....OQL^..%.y.'.\=..x.O.N...$..q..3\8..9.h.......>6.4..B~j..._..'.Z+.......-.:S.....F...>.|.5Pr1.....-S...E...x.........d.......

          C:\Users\user\AppData\Roaming\Microsoft\MMC\eventvwr.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):140080
          Entropy (8bit):7.998750179880863
          Encrypted:true
          SSDEEP:
          MD5:D47D239A7584BCCF0FA1BAAFA8E0AF5C
          SHA1:0E794C4CC443A1594F179DB9F6CD76C80109EE8C
          SHA-256:B2461271AC6751972552B734A1E862AE2B74A34000521658BEB625FF9A24EB6B
          SHA-512:9806AA427E4C5EF27997A54FFB4E38BE90219AEA7CFAD619F07DF4E7349D227E985526914E57FFF215CCE169D51ADA1C68AACD94B471F934098C2BD3A1CC59CD
          Malicious:true
          Reputation:low
          Preview:.O.....kj..W.:....<%R3[...XM...@.....~...z.g...|.%.17..K./.e.N.-&.$.cF.5LcM...Ddl.i.....f`.d.......b.P.....k......'...A.....mo....B._._.I.%y.T.}..!.R....o..hhQs.&......#.?....^..+...a..z.R./|.m@../#.!o,.bu/..<....1yU^N.!.*.".b...C.L...}..Y.+.6L[|..jv.w?e^8O......O1.Kt....v.....k..WD..v...../].m...8.,..hM..=%.e.7'.Vn..6d_\.`...],..x+......<.W... /..D...5.p.W.".-..6.#...)b.. .j..P....Q5..p.P.P.|.....7....O....C..N.".A..Ih..l.l....0....{...vW.H.S..q.mtt..#..Qu.....O...>...}.....R.DV.....}._.(.xx.&.G&.......6.......Uc.....T...Ph....~fL$.1'..........%..H....)..o..I....w.-%.....4.P.}-C.8.....h.uwv.?.#..........a....4...Ek/...h&.......q$.......Y..<...j.f...t-.y.#.....&y...H..+.7...K.+H..;..=.B.%.x..:..5.......p..6..........'.&n...6.7...f../...d.R/.I[.......;t.t.'....9.....'..rd...I..9.#..$$....YD(........b..p.......7..nQ.K.)...........o'.L?.f..)MBU..L.3?..kk+.C......@..t...^.aS.MH.S.V...X...O;.$0...I...5..Nd.._..F....Y.&1X.a..fe .p.6^..

          C:\Users\user\AppData\Roaming\Microsoft\MMC\services.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):93440
          Entropy (8bit):7.998244890058018
          Encrypted:true
          SSDEEP:
          MD5:F9D927492CAE8788961BBC0D93C59CB7
          SHA1:75865800A05B2AA8A03FC45360E6277DFFC90FB1
          SHA-256:DD64A702589A6D4D0BF89B047FE74EC781DF75EBDD14FBFEEC8EC9DEDFA69825
          SHA-512:EF5944B87AD03F8B72187785A240D469960C68A4BB2F8C791568B165EF60694365C9BCBEDC8CBE611668B21CD749DC29B365FA507E7E08B8A749434C78BA733B
          Malicious:true
          Reputation:low
          Preview:.={.L!9......H..r..\...+..G..9.....$.]..v.....e3........G;A...:.1..E.}......".4..L..U..}g.iq.<.V[....}.A=0....=Q:J...o.n.=.A.W..ca......d.C...;.0.k..^.H...R=v./....y..d.Gp.F...#=..q....R..="...x..sK.9..}..y<....;..j.'...BU..1]].u.S.g.M....Z.'.L......A..A.e../......U..l..Z.>.3..?Hz...t....@6..!...nm..t(\...i..2z.(.P:..J.!..q^..2.n.a..6.+T....6.....z.D.nE...|....u....Y*.rl.b.HYpn...!.0..q..Lv.I..y*.,].......I.yK../...#.S.&.]./.D.N{wn.. ..xG....[.H.......k#....fD..u.7....g,..HN$.5O...C.w...9.....!.\0.(..e\"1c..~`.^...5...b.Nn.]]...6.*03....!^..G..cj..........5..g[b..ih..0...*..2._D.....A{..8..C.J.....Yo(...........jc.F.nuae..T.....(..R..@....V..o.>[.=.....j^...#W....Z..bp.$.}....X.a. .J..B3......V~.sx..;G..5)l....m..y./qD..d.uj!.C{U n.......T.\.'<...2.A.).xI........a.... C`.........#Z}|.......=.v.l.A.2...0.$...$.skE..P2i)N.....KO....J..d....k..._...K..o.....*./...f..QX-.GZx.R.S.=.n..b.FO.-..7Z.C..........PG=..#.]%.v>X2.f....am.V.=.wj.....5?T..

          C:\Users\user\AppData\Roaming\Microsoft\Office\MSO1033.acl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):38272
          Entropy (8bit):7.994971737836058
          Encrypted:true
          SSDEEP:
          MD5:1777A6063C3EC48BF02887188806B176
          SHA1:4FF5AD2E6BD7C44FE8DA1566475091DB35DEE647
          SHA-256:B82F463EEC507E4E9E4A9BF4824CB5D6F19E9518AF95ED46A134463F0B543818
          SHA-512:F73AAFDD68D16E24AC3376E864455A140CD971E8550E110BB72EE27706C68F926020D06A29B570AA3EB6F1210BD1F12301B4A37A04663E2A1363353489C563FF
          Malicious:true
          Reputation:low
          Preview:$p.]..v,.....~..~h.c~..|.(.....#.VC...?.....-....rZt'5 ..S....f..$~l.M......Zf....aJ.e...t.`Y....?p..X.M..h...ZYb...O....N~.h.jk..5.c`W-D.....4..H....$.H.Wd00...z......9...4..k`..x... ...L..J......e..fV.&.Z[.....~(.2C6.26..a.J.,..1a_......@.K.... ....U......1N9..@.d`.4%R...`Y"(O..=...|...k57b..o.JK...Q...o.J..Gh.....).u`..P!....e...u.O.l.7....w.Nn).......M.Ke....@.............y..x.g..?.g..G..2F.......i.......T..Gk..u.(G.`....G.>G....i}L@-..@.k.no.3..RS...+....+......0.`.m...8..r....QP$..(.N.eZ..."~.US.&si....k.H....?.,.%.cp%. )x. .x.&..k:.q.dm..W..#......~~Rj..V..UR....O.[.h./(../..6....Z.....<Z.36..zZ4...\.7........3...L4...;....|y....n.... .......lC}..sE..s...T;;.1:.........S2.:.X5B...C...f.~...D.q.....Of..........p.3!#....J.c6i...j...j.f_..K..e#....{...rjw*s..G.Y.tk?4......:.D.^$..t..v.']..b..5V.P.3.c.!K.}^.z>..-u.\.yR.X..~...9d9.....a...D....!.DYK....N).....:z..i.v.<.%d............?.9d..X1S..s..c$yR.-.b.=..<.kt. ....

          C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):560
          Entropy (8bit):7.627013609924898
          Encrypted:false
          SSDEEP:
          MD5:EB3B3B278A7D0BC673A53ACBAE79AF7C
          SHA1:FC2EA35A9E74173F822B1DE2A6F6E2CB21994F9D
          SHA-256:784C419D12C0336D3BE9E52325EF75BD36A00FE5B0D09359D0A37AE7AC78DB05
          SHA-512:F1574424638C50C7B61D92D0DFD03F24B44BD2382A4310237E5DFA744744DF2287302D3DD6DF3DD67B5DB3DFC7A9C11350EFA2D1EF747EFEE63290882E241D33
          Malicious:false
          Reputation:low
          Preview:..T,..2.x..]..x.UU)...B&...l_.E.=>aw..:..M!.C...i..'... lH..w$....^...$......]....o.@...^.T....4.v...Xx.2.W.)...U...B......L..~.Cw.<.\..K^..X..a....)..3...X8..C..3....|;EA..... ..Ky.n.N..7.IBn..$.V8I.Cm.K.f...|....."af..`.XW.....},.....EY.e.n..N.F..../.Cs...}!!Z)+..gC=@l[.%V.....R!.i.l.......f>...n..{.........|o.NM..x2.....N<...V........{.....G.=.5.6.A;]..J.T-.En..d....U]y..c...&...dG.......h..i...7./=.wJY.toP.xg.M...?.Ko.p.P5g.,Z.n#....5.e.js.G......q.{..\..*..7.......z......_..A.+.L.*...N..[.F...+.Jc....8.W.N..t.k..........d.......

          C:\Users\user\AppData\Roaming\Microsoft\Protect\CREDHIST.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):992
          Entropy (8bit):7.77033639377061
          Encrypted:false
          SSDEEP:
          MD5:8E1070A44DEC76B566BAAD262E7D8BCD
          SHA1:3DC85DCA73C9C1478DC0EDCFB9EC84EBBB0E6627
          SHA-256:48D0E2BBF48377A65DC7AAD7329723A3090070554224F3B16B8685C949196473
          SHA-512:A9E4A83C02D1B104B7BFF961774CD99FD715D76DAAF98742B525F871341B253123E06F8F5E30FACC777F2BCA474BD09DB47172F5F30B2134D414FFC94EABF5AE
          Malicious:false
          Reputation:low
          Preview:..T..<.j.l=Z.r.6...'...?...IV.......d...r'qy..U...d.....a.2?.:.w.%.AU.....x.>.KH...lJ...[h..........ta.Yp....Y....#..pcWy...{d.J.".!.]..`.G.s.[(..z.n.....!EC.......aA....0 U.>d.CV:.D]}..A3..I...s../(Z>.....'R{2a..i. ._.....4...#rW.....J.b../.6..$.?(..|.S.9.B}..g.^.p.G.....p!.l..hP-.....j.....$.j...-0./.. T....Ged0J4..B...9.;.......0..........$..w..u.-X.......3..-j..|.As{....V(R.{mxh..Q..w...)|..N..S......VA#(Th..].m.x..Qe.N....7..O.......}QD.T...OM\'S.....'....a.Z...".".:....@.HY!...,P...O.:.d..D.nHY@h.."..%s. ..?u[.J..0.. .6)..@./.G>.5....!..P....'...'...Y..]D.i2.<.l...aS|2....7W.._..._X./.V.|.DDn....3.z...F.Q.n/{..|3...rl.k..V%....v...}..w..A.c$(s.w.\....NE.1B...]....d.....1.....Q.Vc|}.+#... .p......0I7.GH.h(.'..+../.74.~.B..b...Q.....[..g...Z.....H...J.'&..c..[.TaE...K...4...]H.p}n.p..5.\.Kr......3...<.?p...X)....ye.(|}6cO{2....O....0).k..,xK..B......F8.g.%..^.D.%"...R6,}@.T.............8(..5p.H.............d.......

          C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2660496737-530772487-1027249058-1002\8a0ce345-aff6-4e56-b026-58ad99d5e016.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1008
          Entropy (8bit):7.79356947991231
          Encrypted:false
          SSDEEP:
          MD5:EAA6031EC4E5B1413AA88BAC01E60A9F
          SHA1:10810327F1C52EBE4442DD729A3A18DB9D7C141F
          SHA-256:28D295852A1B607BD89645966F83C1C326C5466E55E318B530344C56A6F368C7
          SHA-512:46402DB094B7EB93150DF46F7018D6D770BB6D74529B99967E6B72D94D5E95A3591C84F3FB6C80A2D3A56BEA75C9B6E68FDF6A18871900B50FFDC423917AB70A
          Malicious:false
          Reputation:low
          Preview:..A...\.... Q...6.!..[..X....._...o..!.....{....nf...........O.kX.A.p....M..z....R..._....k.O.;.s[r.Yx.'./....b t...~..c.9'...\.G....ype.*.g.P....B........)...5s...(.......o....b...0 w.......Kuo....2.+....&...Df.~........."b=x..)..$..Ps.3.E.......V.L..Uz..%...p..Z..R...j&........Z.!lzr|L..g..;......;l.g.....+i....~d.z....a....^.}.$.!..m....a...+...'......_....[.1.B.q!.D.#.sc..h.. .>.-.nfgy.&....p..~.o.L.....aJsrvf~f...I.."j..Y#..........0......m.xn...Z.Y...s...9F..f.1.sn.R......?.I.\P.v.L"B{....../.Q....Yl.Na..1/..i... 0a}....,E..!..H.)V.;E?i]O*....q F.....`mh.J...'.]......<9]H..0.h..#.![.{.w.[....<S..^..$P.c..n...HE)b.\........u.1.<./.".y.`...... .2@...To....A...>.Yp.sH..o..........9&l..8......8....}....w]...w$~...U..l.n.)#..S.G.B....27.S...x.0_R.R.?R..w.Y.V.U$.\...O...n.Qh..F..a.d..*...jX....WN.1.!.`.6o....w.8.dCLl<..............{..BA..F.x..t...'...5...Z..zu..k..w...t.......!.{...r..L....Pe].QW.. ..R........>T._4.....[..........

          C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2660496737-530772487-1027249058-1002\Preferred.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):560
          Entropy (8bit):7.570259828291178
          Encrypted:false
          SSDEEP:
          MD5:94F83EF820DB7C32F99DA2A5591EABCF
          SHA1:3BFECC99011783A7CAA758027D674FC3041D49C7
          SHA-256:C609A312BC274753640011C8C25A1435F92AF9740EFCB384061C364CD364C1D3
          SHA-512:1D1B69E4C4A365D3B85115311CB46987A57BC99A108D327B5B0932333FFC678E20558E87C7850C787AC95C7C7E18EC85FA48C4FA13B7BAD179EAA9405EBA0D50
          Malicious:false
          Reputation:low
          Preview:(.<VyE...r.[%a........q.gS..)9H.%..d....L...'J........#%).....x.......-..B}Y......v..X....w....Iuc.V<..s.#....W..]...u1$..dw.<..p....0_..EU...Y..$E.o.../o6.F.X.....C....W..2-......U.\......$.a.oa.o9tX4Y.z.M.......P.......~.PO.'.J....P...n^..tk...V....\....<.U...*#.^.tM.<_.....G.0D.*.P}Q.SJ_g..7u....R8....V......R.~.X<......O.!-...Km-..*..g.x.k.....+w."9.....r.Gz.o._..!M..5,Rt...k..~..`.dT`.0..!....i........C<p..:.....e..AdM.-(/&......j'..../..+*"..=..:u....S..~.w>...e:.xe*[.' .T.{!.#.E.....D..S.?...x...a.;3`...'........d.......

          C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2660496737-530772487-1027249058-1002\a05d339e-a3c6-48e3-9c59-a78ea2f33bb9.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1008
          Entropy (8bit):7.776974605108348
          Encrypted:false
          SSDEEP:
          MD5:9291D66FAA90BB776CC59C3C9C84FCE0
          SHA1:62DC02425FF9B89D9FF627163053BB7AAC60A374
          SHA-256:2575D3903912FD94D7699C20F356A5F9F6FDF0072AFAAF34CE99ADCABCD201AC
          SHA-512:0057B95CDC79ABFBEFD1EBF5329AC9E657CF3ED8EB155140B78EB2E18076F0CE9860A8008F50A789D93889E5DE474AA523E70BF8DFC853050A7AB46CE1777202
          Malicious:false
          Reputation:low
          Preview:...~...43`l.F....{..] G.....Lp..q.Xl.v..}....^\n<ktoH:..47%.....b.B..Z*.[.-nZ:..m.#e......w..+..#7.m..N..R7.,D.}..z.G...<..'.Nek..#......%...?kz.....SeJ..1.?fy...<T.3e.D..BNo.^........X.i\........X..m.D.W.W"@g..Cl..O....4.C.8.....oA.[.#....A...V.......UIP..@5.2\"}.|.aq..::...._z...0...@....TS...[.(..^.....MU5E...z~H6c.5...:..N%S.Js.?....A...vI......`/...#.!"._.b.;.....BH[....X.?\.....{~...%.>V....]bV..y_.l...&..p..!..=....:di...V]. ./!.cyG.y..D*A...V.x..g{..D.d.F.~....oD.=`.).$.\..H_.+._....m:)..=..X..!;b2N......@...=....W...U..E....B....<vC..)..n...p..5...+.@.........th.5.<...+.......6...;$."..f..C.U.$..H....,.... W.-..UP..4.V.sT.......IB..]..cBz....E.^.b?.*.9..F...........3*Y....../S.Vq.B..6.[..........<@y.m....1.e]A.6.G...].?..R.U2.W.=.$..../..Z.vWJ....;.$.G....t...m..$f.o...E.M.....$..*."..]W.8v...T.......,|....!..;...D.P......N..C..>.qZC...?...O.@.y.........QH.Y...R.. ..Qn.N..IH@........N...1....^-7.e..B.\~...^.|...........

          C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2660496737-530772487-1027249058-1002\b1b54341-cda4-4fa0-b7cc-364639891c64.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1008
          Entropy (8bit):7.793439135712231
          Encrypted:false
          SSDEEP:
          MD5:3DD06AC8D053F8E36AB0592D94AF59A2
          SHA1:068BC8E0B8AA4DEF98C49844A48F81328EADD790
          SHA-256:36945997E0EADA8988ACAEBD911D219003B052DA9DAFD1F0E72E46FB4D602B18
          SHA-512:70A40AD2C25E8AE655E7CCD890E58DDCD6B88FC440B47F712401E2CF9DBAA020845F2727281FA35945B37DA39C619192EF3E17D01CF65B3DFB668619B6237B67
          Malicious:false
          Reputation:low
          Preview:...r.F0....~Vo..Pm........x..".,...~..s0..'h|..X.......(].?...US'"R+).:./..D.(.^...`.............]...F....j8.e.J;...C.S...L...@..qw5{U.$."'....Y[....ug..s....o<C.O....\...k.@.J8g.l...5U..y.;.I..ug.D.a....+Q3i\BugN.....}.X..x$V.A+.H..n..........<0.S.Xo.zb6..{..}.1k.2...y..b..V../..3..w>^Gtl....|s.@L.n...l....N-.u...M..S.3S@...`.M...?..C.6uV.E....97..!.`\Ej.px.a..@N....*...x~3!..!.fT.L)..]vp....N.?....$1...7.T;....}.^.d..Y+.........A.S`..kp.I...#f.a.*....j..O."5=.(0k.]^..@..t.k..'t....Nz..0!.Q8lvt..8.nl='.H/:...3y.U.v..9.pX...RO....[C... ...e..aD..Ji.5.9......5.N.J5nZ..7.....nmeF....=......v...S%m:&..w.....{f......5...h,..l...v....y./..m.~.5.6.6..P:@...W..oH{....{X....V.cW..G...r^.rk..y.sP....W...Z.....'.9rCISi.#...O.+.....7Z.{..a].... 6!........oOas...h..j._[.......=4#C.D.=...|p.H.,%..u...A.=.:.kN..>.~....s.9..t#...+.77a..Gp...1......c2g....$c8..5gTy......[.......6j.D.(..........BA4...*. d..%$..n....=1.t.-.....B...-..'<..+o.@'......r.........

          C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2660496737-530772487-1027249058-1002\d13127e5-fd4b-4f75-a785-0c9412bd1fad.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1008
          Entropy (8bit):7.787515631425775
          Encrypted:false
          SSDEEP:
          MD5:F29B358BDF5C8E3252F0838678B50DCF
          SHA1:4DB8FBDB6770261788FB87BF8E195691D367EB7D
          SHA-256:29A729580E4F51638E7B6FD8491F6C1961633EAEADA2345AF83D3D97E549F156
          SHA-512:FDE90345511521125A02D61596DAA093F940CA6FF9BAA845A1F0EE84621DB5A8FBC83CF91F52FB0758457C668E41DE99B9F87D946B98E33ED037708A1952028D
          Malicious:false
          Reputation:low
          Preview:....o..FS... a,._]..4&0F....99~Bl.......aYr.=....(R.3..$9P+s3....7.5..0.i...n...r<,........:*..j$.zO.....?wu..........a..#.w..0.j..`.m"t.^...... V.I...4h..aX.....\.s6....Sg..HO.Wk..]7l7.J..T......{/.P(.. ."9....3Y..:....-...._.i_P.c_...P.A..?g.:.........."...aK.g.........W..l6....Lg.b.~..d..3.4.Q........a7.4...^....)..x.T.Z.....^.>V.a......$.,t.w.ej<d..c.!...h/J.^......-.&.....Z.Q.U..J.....{7L.9.X..Q.!..c*....o.X].*.m....S.}.....(...O...I.(+.r.|.S......$....xb..{d...+q;E....].E.t2.wO.\.\.M.J3...XA..;..K..,.....VBc..:u'..$..........J.I.....t..^..T..o_G.X..)z".l-../^.jD...Ma....>..a..NO...!.$.nIP..K..Q......,T...U.w.4...w..W.ES.%S..uW.k+#7e....2~{D,3.~.2..F.f....J.....$.{.....h..C..`1:....3.....\@.(.B.Gq.p.....p.Dw..-....I.:..t.(....V......?XmC.(......8T..9.2.8.........r<..BZ.\:...v....... .J..)...B.nM..".s..<.n_9.P~...jUH<.q4.]..^Y/!.u......]j.C....d-&{].P.f......;..!`kE.v..).A,..Yp..)w.V.7..wf...+4k.J....oh0...D=M...-..Z..t.'... ~.J.........

          C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2660496737-530772487-1027249058-1002\f7c58e07-ee3e-4fba-96b7-94c9adf4df2b.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1008
          Entropy (8bit):7.794146552402322
          Encrypted:false
          SSDEEP:
          MD5:E11D47FACEF642CDB3B92FBAA5A979CE
          SHA1:F2F762F09DB7DD11D630B5A0C20FB631D52CEEFD
          SHA-256:13BD5ABF8E947A7FC0F8155B7E1D2119370DA80E59B8D2BE6C1EB641B006CE64
          SHA-512:341D033727E8FCB7FC226AA0F9A5D22347D21836C4B6857DCA6D570A03866A1BC8F40A5ED99711E916E66BAEEB227B7016FF7F9B5DF4F01F7D9469A0BC2CAFCB
          Malicious:false
          Reputation:low
          Preview:{.|T.h8.:.V..F...?...}J..a.....7... .@.o....M0.^...=X.....:ZA[-.oW.f...Fx..pBhUE.+5..!lW..G......Rg....../...Q..}@&.@o...S;z.z.....'.v.P.c....7...#..].pS..x...#=.6?I..}Q(.F..u..Q....f..!c..}%.$....W..L..[.5.r.).....I.9.....\.+.S!..n....4N....?..Mw0.:.J...aq.4..1A..:@I..6.(.f/.cp]..G...0..9.1.6E....o0_..a.$a).s..Z.Dx.`..TE..|....&..y...*(a`..........6}..]..-.C.I..X....O...E0.....g...k..2.....b{.FPp.t.!....c.us....w...K*t............h.n.C=.Le#!...L$...XU.;~.....[Y;../~...3Gf`....u.?...'..]Lp.3..4.IE.tQ!../d..v...{.._./..aYM.x...M...x....8.W...9..mc..L.;..U..^...@......H..]....k..jU:V&|..+K.4.D..0.M2..)...0.\....>..Y3....$4a.Fq.iQ+.+..C..o.`k.....W#a$.0O.............S!.[....1....X9.........u...2~...>.1..m......6s...?........e.|..]'pr..=..7...Y..&.."...N..f.&.AT+0[...'......9W....0....!.o).M.....;.. ...S.........H..J.".|.'..;".e...N.#F.....t......;*..<....?.@AQ.C...".."..&w=Y.1.....H.W.#.....=..!y.....#.D.l........~... .B.|....z.\w..Z.........

          C:\Users\user\AppData\Roaming\Microsoft\Protect\SYNCHIST.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):608
          Entropy (8bit):7.624142596179598
          Encrypted:false
          SSDEEP:
          MD5:3678FA8ACDE8E0E6658417BF3AE9A357
          SHA1:E05A0BD4321842202F12CA3161F20599E512D10D
          SHA-256:2D163193FF8639AA1B1EB653739AD0A5EAA6D9E1A8728D9DA7B878DF0DFA03AC
          SHA-512:AF95075F9DD7D18D934A6A042E5090BD967630539F01ACA5D91DCF6ABC27B825F2888944C0E4FF293278C9BE47B81D150A9A9C974F189A01B30D9BE33FDFCD79
          Malicious:false
          Reputation:low
          Preview:-..E$.z..7..S'*.U.>......7..i:.S....f...}..~\R.62.*..N..;0._.!*..2..v..g.!bc.....Rc.n.-....$..u...@...9...Q_....3wON-%.p:p..!W..*.Qv.%....9.?.T.B..H..u.50..!.|.d..8+^..t.....#...f.*b.Hz...T._R....q..#..rN.3[..^X..Rgzd...^..k.v7i..)..}5...2..t..~j...3.%.r$....V...[.qz...R.qs...fw.>...tYKs.[@.V...Pwo...^!...L....7..j.....-$?2..q..9.b.H..l.J..S[)=....l6.D-...Q..=..v..X.in..Z..n.a.<.>.A.D.f...>......T....o.?.....P..=9$..;.}.. .^...|..f.Ed...u..~l!..0.Ik,.2.%..DGqtwh...L..+td<S...23%.....O..8t...u...C....Y[.]...G..x@-d..M.w../.%-bg..?Q.<.Y...):....*.VB|....J.U..$xi`{.Nw.{L.......d.......

          C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.acl.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):544
          Entropy (8bit):7.552436356329524
          Encrypted:false
          SSDEEP:
          MD5:F4610F91B5C6AC4ACAA5D640A60AE881
          SHA1:38D47507244AACEC3B008809AEA450C6840EA530
          SHA-256:BFDD7A8A506C36FFFE124A33C6904A4847F94464865BF2F29FFA4DA9AF540919
          SHA-512:4CAF357B4820FA22123EAA30869CDD8D0C25C81F93C7857E78B072A4ECCDAC17B4C4A2794EA096CEBB5801B86F5AD2DE89FC7B453F5FF399171E00A85B79F748
          Malicious:false
          Reputation:low
          Preview:....]wA"....(..m...<....O%%.'.D._..0}.n...,^.R..%p...C..b..2....1.F6d.i............N.H...`...:.....9......E...*%./oB......X.....$S.!....V.....rk...,.-..o.U.1..&.J>R.&...L A.o.0n.....:..LZ3vZ.8...:.......l........wfO-..O...h_.k....)$.....7.....~..J..Y.a..."..{..eEc.8'.?j...0..K.L..Y'.............s!....2...iPN|}B..h.z....[!`=h......+y%w...K. Oi.....M......ue.J....E7.h.F?z?_8y..k.;I....y..`..gj....b.KQ...G..7..x.Yj.MYl.p0.g\.{;.a..p...YE..a.R..?*....87.7...r..._....Oe....5Bs...(...&...b<......R..........d.......

          C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.dic.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):544
          Entropy (8bit):7.553414424299449
          Encrypted:false
          SSDEEP:
          MD5:39A3F981721BBDA9980593E7AEFED05B
          SHA1:3F2CB79BDB8AC6D57CA6F3A30E48BA0B8B4440B5
          SHA-256:619276612ED0241D3418CB0A4EB7FCEA86A3F5AA47B9379C471392AE2D62E436
          SHA-512:36F74888B53350BD9339BE01ED9A8D8731FC908AC5DEDE1DB0E398762FAE196D23B6F1FF6A3696D80FA31FEB45B375DF7A14AF64181F37ED4AD253EB16C31032
          Malicious:false
          Reputation:low
          Preview:4...a......x\.<..z....k.T....^..T.o5.......7....>.../.RD...$..@......t.....3..u..b...-nM.g.1..p.Dq.V..(n.U...5....Cbo....+(...C.?.=....k...*..Pg.)..n.......1o.....;...J...x...X.eL8.gg..A..QY3....Q/...I`\5..Z.....]5kv.w...#..EKC...$...X...}.6@.......9..........,..?*...Hl....C. ..|.j.y....gc...../..=.......&....].C...!6.+.......6.....qGzP.8......4Lfw<.CS...z.C$.'1.'..@m.....,.z.=..qr..C...y....#..O.>s.....$>y.4.J....h..?Q..6...R......,..v.r.....He....w.|..G.Y...Z..j..tc..6....wT..+.1.....yr.;.........d.......

          C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.exc.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):544
          Entropy (8bit):7.54367232789935
          Encrypted:false
          SSDEEP:
          MD5:0B8B183031E331E50D8858520A47114C
          SHA1:050FB5EE86FA1A48F2BB9501EDFA9E5E082F9908
          SHA-256:78846159C0697A2A5BCC441C81CFEC9C1E6DED75C0775A698B46EC537F9B98E1
          SHA-512:D556EBADBDA809C7D6AA5E691C5574F8FF90AB7BF3FD7BD2FBEF901BB04311A62AAB43F7391056228C30435AF739D3842AC8513802699BDE2DF13ABE8E0C8FF9
          Malicious:false
          Reputation:low
          Preview:.I.(S..!..&.y+............L.h.9j.U....HUy.>k.........a.kH.pe4.j....r_."....(.L.....l.w....;...l.s..rk...3..9....0...........G...n..B......w.].Ej.:....*.~;..{........<...B.$B.;........Qd..C......X.G.Q..k...4....fW...0..RK.....(..J.B...s.RV.{...h...S.....`7,.g..y8Y..ut..XT.J.V..K..p..w...=U......r.Y..}he...J....D..M....j.o.c.4..^..a......y....a.d....4/:..]...!S|`..R.hAMu..>..L..K.[a.&....b}..v.Q.q.4.q.u.B..va.E..Oj........."O.7MC....o.p.`b.v.5....7+..{;.....Fj..!4(..S.Y.xX...z.79.....W...N.....r.5o&GP.!...........d.......

          C:\Users\user\AppData\Roaming\Microsoft\Templates\Normal.dotm.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):19568
          Entropy (8bit):7.989124978247333
          Encrypted:false
          SSDEEP:
          MD5:9A9CF786DD93260B50AF05FF8DE26007
          SHA1:334BB9ECC482CC88CB7222BF006BED5445C3B838
          SHA-256:ECE8C3BD7FE31B4C8BA4F1F6B4F6B3FE8B3324F899666E81B87FD0BB4DFA4CA9
          SHA-512:047E8A48F1EAFCB49865C2806FE237F076BE9186320D2E2EAE26789BFCE0D77B73D53767C96E3D648012E64A8259E89306B1DF6B63F0D879A45A6FB4B5031061
          Malicious:false
          Reputation:low
          Preview:|9N....+....z.t.....e..9....-z...;.T.}/.K.UDy./.......V.....M8.F\..0.G..v',.2$..N}.X..-. A.L..W.)."....+..F,6.`.)..H&...^.h@.U..#T.E....e.....%..=....=az,Y.ae..A.8@x....^..x+D..7..au....5=...ov.h;P.2Fz..Z.i.!.*(E...=..y?.t....J.2c..!.3.YA.W.j....S8].Hx...=.c..s>...as..[ Z.Z..c..O;3s.....k.S..-....Dtn....u.}.&C.....0.........>j.J..ye...=......z.U..p.....6....C..C..1....$.sM1.P..i..w....?....].$...M.<-.G....s..Tn...Jx\nm.bXR.....g...........B..[......C13......an.a..b..*Iy.A....s...F..,#S.2.)..1."b...p../..)FV....q..@.<.....WFH.@l.hI.cK..........{.Zl.. ..6..:b9...j.............8..3...k~....J...T.\.!.s.G}..8...........j.X1.........\:\.p.+.....2r....I.G~...g.x..+^...?.'c....i.WL...V@.+..".......... ./..(9.p.[).......*.:...`.nD.......~._.E.RRs..OY........#B:\.d.J..Q...:..[|.}..T.....A$.].....ib....]Zl...xAq..g...[........H.5J....$.#.dL..ly;.5J..\i....... ..Ca..C.$"y*..PX..ukL.d......ko......2x.t..X..nd..*..w.aK.@......BI..W...........G.

          C:\Users\user\Contacts\desktop.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):944
          Entropy (8bit):7.785792570884566
          Encrypted:false
          SSDEEP:
          MD5:7E3FF387F29F72D2510653E7B6C00E8B
          SHA1:5E91CD550A2D1E51016D6332385B217317D4EA78
          SHA-256:05765C1CF65AD7F3CA4D11375ED1F79068AF7C00F7336D1803136B4E6A025815
          SHA-512:F2E214362B0D30680E5580A14DB19BE213FDE254DFFC530AB9E6EEE474A4DA75605B23838D655ED1E16D208BDAC95780BF802CE944CC92FA8462461C8480A939
          Malicious:false
          Reputation:low
          Preview:.:....5.9.Tj.k./.7.....!.iDG+..wr..m&..m9.Jy4JF.oU..u..6S....7x..t.Fh{..:"....#bm.'4.i*...s.^ti)P.....H.....2.3..0:....".H.X.V...7J.2+.....$..9.........6.~!a.Ut.d....=.V.~.5/}..C....*gI....G.......ak...`.M.Oq_.-....g.].w..Q.n.0...%...D.n.P}..H../j.@...#9$|2&.\`F........d..:.=.B.a.I..+V...;..nz.Wc{.......k7...J...18........+....b..RKM.Fi.31.......N<vY.U..!Np`E....Ma..)..:...#..6.o.. r;.U.Y..=n3....h6..n...D.....t..{S9.a.eR-.......)A{.....s.@..).Y$1 ....c...%.....Hj).R....Y....hQ.......X....TRQ..;........Z.........O........B^..&._....+...Wt./.;'..5y...d...O..V)...r^.D}_...^...^.&w.R..E.%....;E..-@x.....z....4\...*{9/1+.f.'.L4F...v...)s.G.[..........^../.j=....6.?...j...*..BD...x.F.?y...]3..M.`...E...].l.fN..>#C..HG^..c&.fn..Bb...lU..FoJKNt.7u^:;..Qc..O>..gj....Q..o\.d-.j..=.....f)=.&.q.,..B...\......l%/.LB.....w.-.Bm)\.._s.z.7q..........3W....m:.....RS..Y/].........d.......

          C:\Users\user\Desktop\EIVQSAOTAQ.docx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.865324460902625
          Encrypted:false
          SSDEEP:
          MD5:07BC5B6767F66112B2A93E9D7F005DAE
          SHA1:9DF713EE6FAC984ACBE0666782C628A47F641550
          SHA-256:7D2CA737CFD597C09908061607395F0732EB0834786ACFB1D13820397CB53ABE
          SHA-512:1009B38CB7C586377FCC6D68254AE33A1C36A4D7C16B6A4CEF8F4E805D686561068A86F11CD1AE9A0624BF1BD82CF3438C868D9453607C4D2F135D5DACA34873
          Malicious:false
          Reputation:low
          Preview:...?........-.B]....!?C..o....^..gu..;.....{`X.G..u?F.?z(.v...ru.^.z 91./'@n.s.;.M.\.v........nA.U.\.Din......H{N7X.>!.....*..a..Y)/..f...I.. ..JHp.8s.[(....r..P...I...p...,..S. QQ..Ke{.....U0.....zXC_....7.\T....6..#.2L.c#..*~.w......;...E.K..........E7..+..M.g`..WD.s..WA.w.Uw&.Y......1_.W.Sq..jI2.q.....(.O.s../..E.....&.yE?e....dSJN.D. .&F3y:...f$...sT........B..K...,...T,c|O./.....E.r.+.. ._M......WC.....e.=.`V`Y.../..o`...'.......h..;_.......%-..J..:.&L.n.n..{]...a....B5.M!...S.>.a.....S...\ A..+.3.1...n.F..M.=..s....v...4....A2.PB9J.....w.l...c........kgw..0W71H._....)...4....h...@;.....y1.Q@t......Z......Hzh'G>....k+.@...P..6..g....W.:......f..D......Y.(.K....F.......j.O...A.~.h...?'..b.^a'...L...E......E.E_...~.A..'.o..a8.....x;fs.B.,...H?..p.3.X..I>C.8..H..F..?..J.l..M.M.C.k.`.`.I.C...p.l..)..\..o,.....B.........Hd..)K...9...g.|x...r.aV.W..C...'.u.4..g.R...8..r....C.....<{#...V.5..R...]%.....Sy..q...S..w..L...MO]....x......o.

          C:\Users\user\Desktop\EIVQSAOTAQ\EIVQSAOTAQ.docx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.883714254487927
          Encrypted:false
          SSDEEP:
          MD5:8DA2C98F5F8A24E25951316CD07A320B
          SHA1:92E2B503B7A58BBB1ACFEB0AA6AB5CED1C6C9D42
          SHA-256:6F0D37DEB3BB194304A2AEEC8513A969973578AC053539F5CAF126D0ADC6ED88
          SHA-512:52B1EF004640BF6F8F1359267ABC4487070CAC14E2819AC4518329B0F3C421E0C7F3EE1C0549B0241FBECF0AC3794E96843A956F5770E3B91675DF99B5A64BCD
          Malicious:false
          Reputation:low
          Preview:.e.?...'.......n....<6 m,N!.3.M..a2...3s.q.........K..0....k.g.....=.H....9I.V..3.......L;&9......i..n...'..s,.........2.......L..s#?..1,Z.[...:...a........<.t.V(H#.PO.M8...c.....o.W.'..~.ET.p.V9.......Q......!*..9.d...E.S....`.............V.N.1v..(...p"*..[..p<...]..D....e...o..E7...x...!>Q..5. "8V...DT...cP@K%<SM.~..e.#..d..z.E.-x...J...~..@...7D....!..\{T...t...%....m...i.sh..3.]O.=. ....[+A..V^...XR.Fi...j#...pf.,B...U.G..5/...HZ.z.../x ............p..o;T..C......S...&3.8).....P7...U.v.A.lz._N..H.a...)...M?m...[.`.Z.x ;..k+.U|.!V.WL.....[]*5*......8u......(,...f.........>bL.b..V..I..(.]..e."E.Q.oI._.:.`....6....c!......]...gw,....f.y.&.-.<.\{..G[... ......d[.}_.LG.9T..{ ..6&........+cv.c...E1m...~....r.u.'.5_...qe.......!...H.0~..zv..^.U..hd....'..0.gd.n.....u..U..o}......c....x....X.6J.Ur..%r...!zq{QgG...#gc.+/..R{....1.....w...!}.z.Z'_.0Z .,.UA.C....t..n.7..5".x.pP...#M..........kC=.)v......`..TA...-.^/.3n&........?..o...G..

          C:\Users\user\Desktop\EIVQSAOTAQ\EWZCVGNOWT.xlsx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.877653391629162
          Encrypted:false
          SSDEEP:
          MD5:B56869BB628D8D4124C64C7D09956EC0
          SHA1:318A04F8F04F471D884415071D8A046BDFDDC941
          SHA-256:4CA170C6F5D44371658DB1CFB8A93C7C13C5B4DFA384F7B6A11521AA34CC3627
          SHA-512:6031C6816A4624B5D731B24DF7595A9FCF57C68B2B24B77E985029A55865B468EF60CD6BF040A22CF50F2EED82C196F970FFC6558E7CA80F8A8A7FA930AE909B
          Malicious:false
          Reputation:low
          Preview:..9...;..3..!cp.k....x...m.V~...~...uZ>c..#.&........#[....._.J..M..D.S"./J*Q..bE&..=...1~...._sB.{.P..&C.u....a.U.v....k.!........b...6tk........w_.8..{........T..F..:*,..>q.........+...x....^8{.i..H.i.o.4.......S..v.QU..K..O...r.._..B....z..&..W..:-....>.E.r..,..B..'.\s.,...P.>.5i..s..z+>...?.v.hm+....v.4.}F}....9..7.T..e..`V.........+lU..MN..:......n.N.......<...._bS.c.d...Y.._...m-x.Cf'V...FH.7.....%.HR ..}^%&.4:.....d*....}...1.....Y.T..bki.9.4..$......#.....o.6.4ss.f......[..........q>.W.....G.n.5cdwT...Bq{...*.......2.bt.?A..C...O..s ..M..4.~.l.-.\..G..%]a].b?.L.P...|..'md.S.7.('..|.d.....E...T..<.Sv....*.:......j4..2}.a..N...:..g...'......[.*..[&...1:..T.1^...ad.v... h.0 ..2.szU..'.......1.....2Z.zA..).....0<..6..>g.A...f...o@...hQ....(..(......A..AW....E.....:.....q...K.....y@2.6.g..6.UK..c.C.u..[L...YL."..[&.}>..1..%..T7..F............`j+!.c.+M.q...Q...||....J.........[.h.......O=o.G.%.&!D.......o.Y..*..J.%.#..3.4.=*

          C:\Users\user\Desktop\EIVQSAOTAQ\GIGIYTFFYT.pdf.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.859202210378799
          Encrypted:false
          SSDEEP:
          MD5:1FB66CD826AC72A3EDF990F3CAE9E13D
          SHA1:B5074689CAEEA19309ACEE0A293ADC7AC7FB55E5
          SHA-256:FC49B5D596A3BCDC9D4ECBA7B6F1842C50F20EEC061CEB3C0BE35D6E78FA98C1
          SHA-512:1DDA4376E914C6A025219483D9886EA4F95EB879B64B555633357B22EB0364196F6AF7E7695CE8410F0A0805867AE7225BF5E3E24869070B844DB8E0BCB4B7B9
          Malicious:false
          Reputation:low
          Preview:FNF..7............Y-...z....Zk.t.....y..,..q.)ss^.../..Kn......S....8N..u...q..kg..''..y..NM..o...a...H...A.WO$A...K<.v..k.;Q7v....r.o].....(...'(mC....:.+Zl.a......?V3...U./qj/'..*.fR...Y..o~'..%.f.E.5..q...'...5>.Y......d.m..g...T(%......Y.{.F.........n...].^.i.SrT..`....[<...7..j.-..CB^W..[.,W.E.-.$?P...r..A.5.R..!.uF.2.........k.;.f..N..3hK..Al.?<..C/5J..6G.0.5YJl.P..].J)A........2....i.o..f.....M:."&....EH..76...rd..w2H.ly$.Nn.l..{?e....o..h..h .....iQ...N%......y3H.g=.h.V.h...D...!h.5...v.....:..Y@.l.|....zq6..Y<......xWX98.Z>...(...|.....Z.v....V<.........u.........Zp.t.^....d.D..s......q....G.N.+.q...u...l(.d/m...^...v.{..@.m.N..#*70.)...o..m.....=.......T. 3.s....|...x....`..B.?.l.....|Hu..y...x....y!U...E .R.s.........|f...F..8..YQ...?=6'.R.\.......$..O]+$L.db..#..q.....`.............=....._..J..M..3...4....!.....I...y.oS.)OwV$<......m...cj...D.U.. ......aC...H.:.Z.g....h.n...q.N;o:.kj.t..~B.G.8.ar..p..\9.._.|.*......

          C:\Users\user\Desktop\EIVQSAOTAQ\JDDHMPCDUJ.mp3.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.848948999047115
          Encrypted:false
          SSDEEP:
          MD5:839F9480400873861129281730AE0DC2
          SHA1:E9D721B6C9C0155779C3A67DE350449A25C259D1
          SHA-256:16485FD4E2DC76B7393767ABB137C14D6D214B5BA96322E15F3625458F1E607E
          SHA-512:41245A3D77A2C116E09059C9280CEF4B75C09613AF549FF01FB3A725739605536015C648A8D3234881D3F4212ED54843D12031E74AF8495589DBE7D876538552
          Malicious:false
          Reputation:low
          Preview:.+..gFX.Y.5.E.i.8..;K-Q.rts...-7.|....G|.....BXJ...6...7........'A......p.=........;A..v.......... ....:O....4..9.W.5....B1...6..Q.cW;.4.Q..Y.V..;.=t.D..b...IF......V^...@\.Wx....T........].....Yp.N.d.y.9>g..c.u..@.^.NC..bt.m. .G.5.j...=..%..(|MQp2w.....,.-..)....P......M...P...j....Q#.d..-..xr.L.6....@<x....?;d.......t.}M.....0..b.0.Ln...@.m..v..'......(.H!i...'.a.!.O..<....#..*..0._....mx........f.1.5n.+#>.%....lM...\3V$S().>.FW...m.4..EEp.@.)~j.r.....Y<...../..^,.J-.-#.0..$j......:........B]...ae.H.`....P.@.3...s.......L...g.X.d.\.S.x........i......>.d.n:...V....J..Ln.6.Y.[.3;.*@.$L._$B..........6....0]X.~9s_YI..z._....?.";..J.....l..G....w.[.h..g..8K...:....<.....P..X....*l.Q?....R....6!h.........Mq.N.^.2J.B.R.....#.....oH.C.?0f.=.j...#.........)%xb.J....=V..#%iz..L...X.E...Y.y,.o..46..].]...c...w>.u....}7L1.....}.i;\.^I=l.......w!...X...cA...2.oV...N.%.x... ..-.uM....2i4......O.n..P..A....U....`.x...mz`2.....|.}.*Z.n.N....A.

          C:\Users\user\Desktop\EIVQSAOTAQ\KLIZUSIQEN.jpg.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.882232840306477
          Encrypted:false
          SSDEEP:
          MD5:86A6A4548970A09F5B4253A4B2725194
          SHA1:D9F715D3D7922AF10B7CE188C449B7475A33943C
          SHA-256:549AEA5154CCA86B45DB3E685DD038D36A930B0F685C58B8197C7C71257B1182
          SHA-512:7504F5C8304781A492372EDFA599B2D81FBAEDE075CBB873D404B3008C56145183C5C5D75F35E43F471CE936F83E6A81344232A550001B9176CF7901401229D6
          Malicious:false
          Reputation:low
          Preview:2P~.0..dPB.n.........[...6...tT.J.......Q}jr..W....E..%.....r.#Fq_it...*...nFx...^.A._....[.>v.. .'..^.....U....L..A....A..-/..XJ.i9......R....y...i...L.#.:....Z...+...t..b.l..4H....`...l.M...'.#...........A...xx..N~|#......P...f.!.M.7X.T..C.Z.W2...{..#}..{^.....Z.H.j.. 54A]..'o....K<= ..}V....v.B.F..uSOm..*.m...k`n.u.( ........n....rL.....l.H...C.S....YiH..'.)_v....f..q...H...8&......-z...3).rP..W...C...5.U...UIg.e.m.r<...O.W.....X...Pj.8'fU2R.pqHo.>.N.. .XNC......r.^.".[..t..8..... uL..zr.hp.2.7,.....L6C......f..E8.3..diO....jF...2......;..$#..rz5,.f.M..5$)......f}.v.u.0^I.:..c..B."t`2.u91....%K.'..I.L....*.....&.@.=v!.<wr.....d..0.m: f.L.!Gh.B.Zry..I-#...:*....s..v.D.y/..w..<.9&.L.V6~Pl/..;A.....6h.._..np.-...+.(I......H.<,:....0.v._.K...g#JR.$.....S..&.IJ.R-..n..iG.O$.i.2@.,....?.#..<...=.R..w....^J*.I........^aUg...(~."..6...U~.z...c.......oW.$d.f...1.....3N...u.;/uW.:.^..*2....w.&..O..lBY_.N.XPB...R!.s.;Ht..zM.0...+...>..R.......

          C:\Users\user\Desktop\EIVQSAOTAQ\TQDFJHPUIU.png.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.871684578229645
          Encrypted:false
          SSDEEP:
          MD5:73FE444C73E8E97C32773A606E5682C8
          SHA1:C7992ED3100962C20181F35178FC6AC84DE4F18D
          SHA-256:8AF9EC4EC85FAFBE1DF25F4E92FA6B972510F522E7CB30008479C62F21A8E0EB
          SHA-512:C150D5D84A1559221A33253842A28099E9BB44B72D9D449ACBED7144293B554237901E5816B11A96727EE19ABAC3DCAC6A989ACDBFC1F3FE76F8C971342A834D
          Malicious:false
          Reputation:low
          Preview:..~...<.[Jr0.`...V ...0xj3..*...)Uo/A.w.2...i....~..}Z.T.PK....bu....j;.i..N.)..QD.,)|.......Q..Za../"2g..;....3\V.p}...2O.9.^...F.;.....l...tn.b...G.R..iv$...!...=4&-n+\...!G.2fJ.z${.0'.y..v.B.).Q..B-....hp..{.0.#J.......-H.-M..e...O......<).D.F\Q....7...=.G..n48b...W.3]...7..}...,..>.NSieL..-B.........=....%....C.B...C..."EO........8d...)...4./.n.u.!J..m......-_...zc.. ~\I.s..H.i|......d.).5P....)oS...$.@.. o........7g..g5p......1D....!.sW`...^.WH..'K..`l.-.........G.......k..^.lge...#..<.;J...._.0..x...%N...$....m....."...2ir.H=.v...n.....B..~.f..[t#..{P.=..=..hdU..G.CA.. %.........>P(........JH}<O...a.kr..el..Xi..,#].Y[|.L.....1..7.g...{.8t.=r.P..0.../............*..4K.._...8b....\g.....wV.......A.....$nY..@......"}n..$.7. g@5...0.O.}...0.P;&0.:'it4..O...}!.H/....!.:.VK.t.C....!#0.&.....}d..\.UHz k...u."....i....$3.6M.m.b.#P..X...i.E$.`..:....(q..n.e5..X<..V..GX.V.).t.....,`.Ibr..1.jf...~.vM....%Op..6z8.T4B6zo/.U....j...K..t.Z.4..

          C:\Users\user\Desktop\EWZCVGNOWT.docx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.8610702569447035
          Encrypted:false
          SSDEEP:
          MD5:86248249D9A453A93EA76153ED639A0B
          SHA1:7B8935B06AE53187981FE23A68CCC4AF348D28B9
          SHA-256:6032F3BF9B4AC820E5096F1D2FB3494C5EB6C2051FA5058655783DD9F3F7616B
          SHA-512:FC2452F4414ABB4027277E10D5C861D2164CAD76AC7A6292963EECE0B9F4C1D5337FA19707424FF351D9FE8E8AC27E1D05E2C70FEF32766CDB5C54370B2DFD67
          Malicious:false
          Reputation:low
          Preview:..K....~..c.2../......3sJ.6"...j@.....J?OY).....t....V`.@.yQ.+U.....|R3.&..{..K5A...wbD.%A.]i..0...JI...Z.{.O${M$I....3E..-..T.C..2.,..Y.g............5x.A...i.i$.."o&.!.+.X.v..XJ.Y..F......B`....[.6..q.....&..}m.X_..(S.IY.cwk..7W.:.w.I.Z..P$C$PHz;..B...-.#R.W..qz.Q.n.....bV..xj..'..^....2.BQi....X.q..e...T..&!X....3...w..:o}..p.A.w......4^...K..F.Sg....e4..<a..5.cD7..&.M.-R..deb._....G.8s..v.._Y....b..Qw.....].R.."(.-.xV..\'&....1.K.c|..A`$5.T..2....w.^2\.V..\ql...:.Rz,.GY.~9v..4..-....+......o.......ts...Q...(...L..I.....F..@..[.I....x..BUR..r....b.8..2Y....>.*;....#..#%>N.........s.ik..w.T.^.........e.cb.._..E.......?.Bfd.....".EI.1..c......P....w ;a|j.....e...E..c.6.p.R...wj..Q.........SK...sN..A..m6.V...[-Rg.....\ny.&\.G.....@.Z..`......,....t.6.d..\..k$J{0.,.,.b..O......v..3...6..J6'=..W.p.WgE.]<.c!/......}.dv...N6}....3.QUg.XO1x.hA..:....I..H.q.....R.j.at....,.E.qg...h....xpt..-<.Bo.......Z..K..N...2.e.1.A...W!

          C:\Users\user\Desktop\EWZCVGNOWT.xlsx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.86031645083392
          Encrypted:false
          SSDEEP:
          MD5:9F52B08B209255200719BCAA27B74C49
          SHA1:F65E704A7A76A32733E475031A50306806079D8F
          SHA-256:4DC48B206E3A41635CF2CD4AB03DF42512E577F05B000FB63CD7B1C06424A937
          SHA-512:DC56CC4BB4E2F3B4A66F79A36195ED312D7F563D32EBDA9559F0561B25CB2198D5E988B15EDA0135023A59D226151998FD40DB33CD127DF9B776D64CA76C6C15
          Malicious:false
          Reputation:low
          Preview:.x.!6e..0w.Q...Er.?...y.....z.....4.;.e.Y&H.B!....9_y...@hHi..K.............'....P..P....d..Z.9S....YI.BD.Y.yD.A.1....X...V...-M..3.../J.3.PI.`.....'".mu..^.!.K.2U..nF.....M.7.P....d..2?..4b..*....K.?.=j...b.k.|.MTi_|.w.g2!.v........k.~w..6..._R.s...4q.\+>.{.......zU..(a.........z7.]..$.....,.Q.....([...!!..>..r.f......V`.%x...+.5.S.[..8.z.<.`.ZL1W..r..\.s.W.4..B..$g.T\......N...5..9.I.J?6.-./._._.7ym..q.. ;..?c`..E....i.Ml.`....1...H..?...~c..m9...o.....3.a_.iGjz...dP.=..M...(wr%vl7.S .#.F.I.M.KH.Gj....{P%k.p....V........=..bx.AZ..7.M6...G..A..I_l.g.x..,T.J......H....g...;z.........../lL..`w.......[.W1....L..f...v.....t0Rb.U...N......DNN.x...u.{9=.f......'..4.U.....:v,...z.l...{?.c.mkFKuS-g..`..q.......c....ms5...@..$+....4..K2B...n..I..<x...B.v-.&``.!........N.u.....+..M..8...Oa .......4..U.M.....9.v..-.S.~!.\.1..c..D"+r..O..T0..h....q._..,pT..._......*@.jY.W...LoT3....X.^E...1.h.r..?....Ag...s_..X...........W.c.s}..(....

          C:\Users\user\Desktop\GIGIYTFFYT.pdf.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.863643670950285
          Encrypted:false
          SSDEEP:
          MD5:F5A4AA81AFB668BBE3E463BC9C34E867
          SHA1:EC2F8FEBAE0D442BA4F4FE64CD1353354C8E711F
          SHA-256:4FEB2A43BF5ADEF5559FF89CF6FD0721EE8438E730B4ACD22A4AA0097AD5C784
          SHA-512:1A122658A19EAAB45D63DE7DBD052FD90E1A0DDE0D9C865A66E1ECDCDDB79D54C9BAE38E7A108B50C628753FE061C0CB022192AAE81D0DD10C24FDD21411844C
          Malicious:false
          Reputation:low
          Preview:.0.!...,.t.E..,.$.^...F=..R........T~bZ......B.K..7...u..4dj..&C/....o.......Q.^..3T....7:..5S.....j.Pna.....e..o..b...7.v.!...........58ju;.O".....u..~......<..7..i.+L#y.Kn.VsF.`L..@....Z...93[.F.yE.3.H....."...u`f."{v....k....U.(Z.>.c.....?.,.."...}..s&.0K*..~..OBq...Z*......Kl....F6.Hp.6..q.s|.nv...u.<Q..z1..S.4..J..?Q..n.....t....H."3#......[..f....!....6.z..`$"J..v&....``......A..\b..7...)uC.O5.;.e..H3.j.~....... .......7r.[?..z..-s.f.j.dO........;uV$.7;hv....%.R.I......:].E...(....p.."P.ZhS....`.H..:...._\:c.x.D.......T.w.....hm.-...Jo*..1..Y.P@.bN.../..3*b.E.;.P.^/9..d..F..~.k.#...Q^.C.:.@...._HY.U}..=.Wp\d_.I.(...X..9 .pJ.:.....Mb.}.d.......Z.E...'....pg.......N\..p..u...K..i...t...\*PI....A.j.S|B2I?.;.^..Q..Ge..K....w.r.1O.).3..w......4..i..;...o..u...S.....Q.fjF.\.UC..s.2....8.d.....t......H..l.f...5X.i.gM.N,..........\..C.P5../|..|..cT.9..T.. .}"..Q.}\..n?m.......;F....z.w'<.LNQ50T......DH2+.....<........P&....P..g.

          C:\Users\user\Desktop\GIGIYTFFYT\CZQKSDDMWR.png.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.87644824441461
          Encrypted:false
          SSDEEP:
          MD5:4B345C5F82E43C34E4AC2D6CD74FF8CF
          SHA1:46223ADCC01D8332714A2F0BA3C064F1FF41A572
          SHA-256:26F09F401DF24A261E8D6062FA7846DE334B28A7A14F92700BD1D7CADD9A11B8
          SHA-512:B45759C63633AED547472F18A981B8A8082FA036B9170246D51BA9C4A9F6AB7477457A1ACB1B3F4AD338C56C1D86DD9F638593F1FC907FD5F73F165A12885A9A
          Malicious:false
          Reputation:low
          Preview:<.S....`.I...*$<..8+XBC......g..k..........b....t...,QO;...K.T..!.....v....|%!...(..>.;.....[...........c.r.Y.3..^,.s...cr?......L.G.........4...zb..z..r...Y.......O.{q.......q.....T..W<[...CE.D...p.<w.tU...F.....E.2....,....x..v.........8.?.&........Fw..-dC_.......jFC &..U-.%........k....+d..g.).r............>.E...75...U.7.....a.. .;..m.]x....X[h....h.]../F...>...p..=..P>.L_.....<z.../..L..K...F.0j./4.Ob....h.?\..G.\@y.p!.g..z0=...$....=...Y....4._...?r..Z...Y.J3>.=....j....!.g....(.\.\...d}...G'...s..|Y.K>.S,}.M~v..^......./k...z....Z...".m.Ee.3...k..f...?.i0.d...[#:W;..*..(..f.-.Ifv..?...~.R....x@.s..B..O1.7.....F.....%...5qov...~.0n...|z...?.D...I.1W]..u...q.....X)..O.\..*..v..4S7..f."..-v.f... `N....M.chp&W1 ...Q&..(}.t..@6t........3....%........rc...........H..V..#..3.4n......k._.. #jo.......<.G......"`...._&.'!....}.ri]..6/7f.1.i...5._..._...V..&j.....G.0w.....S...ozhG...x(F...C..5w.w.........6.....u..v.A...[a..s.....w...+q.

          C:\Users\user\Desktop\GIGIYTFFYT\GIGIYTFFYT.docx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.873229352577522
          Encrypted:false
          SSDEEP:
          MD5:59255E3D8990075A58EC3EFB174304BF
          SHA1:B5D986E021A35AE7D5DF5A1B391BA67BD531DE7E
          SHA-256:4787E735736F2F8B32CD19AAD0AA093CC7A1F3F7C44718331AE2E3B61972E89D
          SHA-512:0B91867C0A99EEF2D72903F583FDCFAEC014D545FF79E55DC8B128ECF32CBF1DA6C6F76CD79475C89D87FEF98E141D1B0079C0A43E388E960C67B09DA5DA3E1A
          Malicious:false
          Reputation:low
          Preview:il...Jb..]E..).I...s.!.i...C...Y+/......P..W.{..P.B..{.$..Z.K..F.b.N.h([..&3,..9.Le.W?c?............K....q.!.b...5j.....O.)OnR.?..K.,.....v.0..q.S. .=.L....~.B...-".6.L.g>.........).d...dm...P......+...gE;g..'..,.?.\?.u@QhQ .....:D...|..c.....O....p4.W..].cQKK1$;..[.e.c...5.s......z...5.-.....x,....71..4...[...i..:....GF...!..KK/.{....\&..R.]........M. .......G..f[I.,#.s^*.!.R.[Y.9A).,..h..VE.`8.ch.`..Y..;GAU;F.c....j.......Mr3q,.m,....v.....Hb...H6T.n.=z....... ..xY.....2.n..ur. .P8:u....9kD.....$).......k...k....t0....cCIN..?...:..t...E.7..h....T.N...|...n..,1}K....8.k9Cb.Js._.a.7.uU>..\e.>.Z......~e....p+......lW...L3C...~..lYf.....1.J..>.o...M4..|.V....=.?t.k..CGU..1_.95.0.....u..W.6_zh.z.....Ud@.._..~..j1BrG}.8....eb..}..x......Qj:..,.a..d...@.....0...g....@..|!CmFj..E._...........K.*G.pp.....c....w....r.;..H......e.P.&..._..L..a...z..8..n^..y...ao2.d.Y3m.+..lm.+.I.Q=..o....c>.t...;...~?~+...a..%Z..;e...`t..-.~5..C[.O.....S.U......a....z.

          C:\Users\user\Desktop\GIGIYTFFYT\QCOILOQIKC.pdf.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.8559652338535315
          Encrypted:false
          SSDEEP:
          MD5:5EFB5E5814C764C12FF17088E942A98C
          SHA1:5E5D8F526F2FB6163CA46C1AD68F230B53C38179
          SHA-256:59BF5B3E318F2C42A2ED0234800223460DDA83FD0AD34734F3737C7B1404D253
          SHA-512:FA6C5A730628107FBE6EF47C4FD8AE57BEB9835CAB1578EFB4051881A17B957DB838E83EAD05B84B795F924D41B50E52E1D34F591BF261B8AA54F5155C428721
          Malicious:false
          Reputation:low
          Preview:.....[.w.e._q.TIy.6`LOtR..&.P.2a ...@{.y.R......^.....Z. .'g.D..+%.sT.Sf......CZd`&.c.......%><....I....7..b..H.....(..S.L#....er..3..T.Y.....Z7....&Cf`.+B..Lh.".G-$z4..>..0P..../%.lJ..4&.z.R.X_..v..cfQ.........f...A..ki......RH...K.7I.0y.K.....j.f......`_7oX.vwj... .......Z.&....e>......,..0..G.......A..5........g..*.f..}....:..n.a?.E.......n......C....1B.#.q...`...Y..P*.P`<d....c.P.G....]F.v$.....^[...P.^.c...V.`%Q.-8.`M_.......|.0....{.?..@J.......'.Y....@5.L..w.;l)..:.Hl...'..z.>..7.".%....u},,..U....A..l.G.{....g<_nR.=....t.Y.l.`.H...W....n.@.H..].)............"h.w......Yz...;2...G=}..^.Z...{,.xV....z..W..MI.=v...\,...b.v.h....:g......P.l..%...=.OY..Y..w#l..>..Z.>.....)4N...oE#....W.AE.V......9.D.....n).....U......]f..l.jL..O.J3.^...f.7L.eh.t..E.>N.hK...5.Gi.p..y*....m{...O...0.~...'.].VsWvg..$$.~....W........5..BX....?|...M6.t.....Q.G.@...~r..27..=.*8:vP.......<........v]VE..#....j&..3Jn.H.HC.im....o...;L*r.....H.N.d<....G.

          C:\Users\user\Desktop\GIGIYTFFYT\TQDFJHPUIU.xlsx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.876299699733497
          Encrypted:false
          SSDEEP:
          MD5:64A91EEDC80132372AE1D7D4D0146CE1
          SHA1:8A23D81A0DDFC160C88AFCA96BD30BCA00333713
          SHA-256:88CD64C822F70F890B489045BD9C4BC6BC415502CB8D869429DDE3694BE2D66A
          SHA-512:1D55095A3234A703298125F9BBB1D8C064E47A20F69A80637101E473BC4CB5C7C96770D10A79AA5114C1D9F63A82168F8A3A444DA2CCBDB40043C5A974449043
          Malicious:false
          Reputation:low
          Preview:-M..!....m.m^WJ....5eSi%p.$.......?T..*.i...e...Ln.b=Z..Y.K..1..ex....]...M.KT..N....0...Qs|Q.{.......5V.2.q.[.Z:............l.vG.....k...0:.."..3S,.V.VL..%.>p.Y.'.8].....|c..ee%%.._'gg.....-.....z...D."..!Xv...Gm.=..S.;\,f....}......d.^..T[...Y.../..#.?.h{n....N.[...U..s... .....w@..B..D,....f.GJ...*B .0...g...Gu..GO....x.....w ..M.<.&..S..$.m.}...3.5..&.../.1d.D..>..{e..hbh..?.u...0....p....S...g...~l!...cq....T......^.x.`S+..R..c/..&..5....k.....Ne.".......#{bHH..cR.kN.Bi.....XAe.-..g. 8a..Fl$/.l.0..._.......pXE.'...'l..j.d.AB....0..%.we...|e< S?}3.Y.;..m.N.....n.U=U^ ...a4.....$R.HJ.c....i>....t.......?.O...9...R.H....~z..Z,..h.3..y.c.8-...EO-.....#....p..~k.5ge..]...*)..d.8..`L`.@.-..l.V...e...v....Y...Y...m!5.[.X.T.(.y.`Kl.t..:...MF<W@Q"a.[..XCoY...J~.)n...G....1l.f..#w..H.x/...7...9...Y....U2.#.u...HZ......Z..@U,<...{.....]^`a|(..>.,,0<.........V..d.C..>...p.4....iP..{..P..=.......2.O.x.JB7..%......%..}..o..B.h.8...,c.....5Kt........!b.j:

          C:\Users\user\Desktop\GIGIYTFFYT\UNKRLCVOHV.mp3.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.8693167534290165
          Encrypted:false
          SSDEEP:
          MD5:4C55234D7CAAD8F0D024B0D61D30EEEC
          SHA1:FAA3AEDB180C3EE78B59CF21B8ADAE390EFBF75B
          SHA-256:DED3E91EB9A6670F827D7637DC59FCE1A39F3D8E1E37DA20D358F9A3B1CE19E9
          SHA-512:297E16019F3866C5EFF70B14CA3E9D3FBD32D3BE492A42C8A145C8A7AD0C6AF567DC37770431A581341A6F69BAA80DD74D15155553DD08037FBEC73BC5E3905E
          Malicious:false
          Reputation:low
          Preview:O.....T.v...\........si%I.8..M..1....u..{.*.Q....].N...B.....1.\..f{.Z..S....1+.T...].F(...[tc.k....F.....D......{m...1..sR|@..$..#.4...?$a.n.....%...:...t.i.E...VBuo ..T.* `.g..\tr.]......L..K.iA8.&.J2..=.n.."4...Y....0..)w...[......;G.....cNf.r-..-FG3...eq.G<.2...R...f.o6Vq7T.....8.~.dx1s.O.Q.L*..V.f.._.Mu.^..K.3..U..+...J8..'........T[r...cH...[..t6....I..7......o...9..x._4L.r.(;.k>.T6CG.....5_...(J.{.v....2Z+lqR|...j3c=Z.......!.+......#..KN..2Y.EY.}....\9HQ(j.e.#....u,1.f..nKn..m....(...."A.F..4Rbf..........[7....F..G.G..'...*.,.....n....`{.<?..Ge......g..q.1fK...F....;...A..4....Z...1!.RSU.....M...C./..OI.........x...yP.P}...P".)..n~.l..~.v0^.....ntx.B.'.rTe*p...;2......n...g..n%J3\P.4.:oR......C.J.. 0..]3.f..F..O.P^..T'......-.)...=/.d..W.W......$.....(.r....l..%.Z....&.8..I7.I..Nl.Z.e.R....u..........>,M+|PG7..{...H@.@.I.x....?.[.T...c\.3.......kS....p.<0..>..9.q.N...jX...yVC.........g`.L...p.u.m.^] ..y$7`.j...0....."u...F

          C:\Users\user\Desktop\GIGIYTFFYT\ZIPXYXWIOY.jpg.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.8724494721266405
          Encrypted:false
          SSDEEP:
          MD5:07D9556531309410A17450E67FEBCEA4
          SHA1:4E7123CDDB41F02BE92B81C7A2DFDDEE9043EEFF
          SHA-256:41080AA2BE41256B1FF95ED594A020FD7076687073F07937A4AB7C28B54E6956
          SHA-512:78D2D87F871C471B84F302F388D61A3849FBBEC509A663AE5F3C6F2A3E45051A3BD48D2FD7ED37585FB11F42660F8E75CBE7FBC6C07AD1C693558B7EB9CC6DD4
          Malicious:false
          Reputation:low
          Preview:.*..7.]gZh.....q;..'.b.s...VC....~..i*.t..,..K...i<.X.ud...T.\.?..&.P5...c...@....7;;.._....Ip......<.....a..b}...;....{C..L.M..M..W7..<NB....7...;..........j...i..[..".....r...D9f>;8i/GC.r..E9.>.wT.UB....+z..Dl.P.Q.M...x%=......&$y>..^....t...%P.\.cZ.\.2=.].O..t<.....A.....k.p.n..b...7.d...c..zh....sr?g. .!.;.q6..!gE&j..2..,.U+.s...d.>..QiF...P.h...B].\.?iv..*...!..k .@CK.r....T.$|$\nT..=a.-l..@.75.....0_..UR_...v3.ki..7.j.i.fcB5.X....D...k../7S..t.%y.d&xpm......2.Uw.C.%]..(sT.Nh.4E..*........-.......>..b.....Y.."eco..)...%n.cq..L.^_c.Q.t9.^....k..|.k....|..|.'op..l...."..n..dy[|...o.n\.oW.e.!@.]j.4....09%O.(M..!..m....(a.4..z..2.D-A....DcO..mSZ3d.V.9..k.m>..q.....|..uN2...Ik....... ....7..~G.8.:...U.....X.7...H.../.?Z..~.YyX....t;...e.*......G........3.XL7c.Qgr@__.v.WT.Z.5....q.....li\.Q.2...+Uh.-....Ag.....Q'..Gu..K~3V...OQ.G...Y~.K'J1.k..b._. hp..J...z.h...Kh+.8.0..h...&..%.%.v#...l.3qI....Z..].uw.....F|.x.a.+...wS.Q..u..+.R.k.,es..L..9

          C:\Users\user\Desktop\GLTYDMDUST.mp3.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.889099414939937
          Encrypted:false
          SSDEEP:
          MD5:67F9A7F31AA1FF481B8EF65CB4C6FC82
          SHA1:93DAC2A1D7AFDD7F77E310AB6E0C6F5B6C8DF537
          SHA-256:A57333E711679F53BFFF8562EFC2BCE6F8FCCB89AAC42F8774E540EF21F96782
          SHA-512:BCF158BCEF1EEA4E0FB54B6488D4ECF1ED80EDF75ED5449932E273EEC11EF177E43361E86826E44AD4CA8A09911B05A29D5DF71B028DDDC58C4438D3A1A6CA5C
          Malicious:false
          Reputation:low
          Preview:3.n.p.eN.....&...%.a.BN..F...u....OX..(..?.R...Z.+..........D .T....{j#..A* .~j0.qB..%c...\X......rO7...?.J..a.\.H.u.S4..[...H)........k.@.LQ.(2::..j..Y....(....zV..*8......s....R.o.8.f$...PB.eR.....c.u..L..."h...p9i.@x_....G=D.I.'H.:U".L.._.N.0...\`u..X.[.../.1..@.b..+..X..F...............q&.....h..b.......... N=]a(..'....p.....PB..W.3.!B5.....B.....c=.2s.C..&4..I2..>W-=..W.5..S.'..l~..`.%X3.j.K..E].0@..z.....d..`...H.$T.}...}......$>_wa..|.+......y.-.+..uk.*o....0..6.K......X...."rs^x!F$.U.-../....@.9.B.5.3.!.I../.7..H.l.......TRm.............=........6(..:..(ge.........rS..G.,Mp.!.<.7i.3.Y.%LG..R..I...^.sV.)....^..{..x......'..y.q...q.6`...s....V.9]$..u.`...1?...R1eF.H....AD.<s7;4<?....8..x-.............~.Fc....:r...J+..Ne..r..;.=.Wh...>Z...d.\r......(.K..:..$\.?z.~".|YFqb.\.E...1>Q3..m.h&&.;..0E;.*-L..U6..n.:x(;4$....1;..<mo$u.%-.)...^v........_..bp...$z.v..........Rc*.+........1....%..*....T...W.h../G(N.J...Z...A.H..-/.._.*..6N...T5.?O.

          C:\Users\user\Desktop\HMPPSXQPQV.png.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.87869210483133
          Encrypted:false
          SSDEEP:
          MD5:C65DF7C34CB30BCA381E014D84DF6962
          SHA1:C0E09A636BCA9D57D5342FF31D816A6EE8D30359
          SHA-256:8542D382CBDA9A1C423594CF50E66BA311C8978E9604DC4186A8E2DF901A3355
          SHA-512:6F46F7C88C5FA9CA218FFFE3152933D55447396B77739724518D38504811408052B0F2D5222E8DB3620B33318A90C7EA719F02D99517ECC59E7AEDA603B95F26
          Malicious:false
          Reputation:low
          Preview:.......F.w...D.P...j..@...7....+.[Sm...<7>X.m....@XV1..b..\........+.....D...e....f...{!......[.....pHa..c.0=h........c...F:....A........Io.s.,7p.<R?.U...1&O`.Y.........7.yd..~...tX.M.&....c.....%.B...:.J.g8i+..v......{..g.u;s..-./Edkdu..T.q..........2C.............PB.:....>.{...G...J.P,......8....siH......iy=.UI..".W.mU?.....d..W`p.+....f_ZV0..zb.#..Y....U...(xD.-...],.C.=.=~...l.`..X|...}d..jT..5....rsX.3.....Nk..M......r.A.H}...R..BZ....9.s..b.Ud"...q.`....m...o/.g.%..m%..v....U...e.J..}.#....h.Z{..c{.Nc.hK(x..m.^.).RN..r...'.m.7.1.=..D%.42.....c..Xs.._n..pE...G....Tm;|..RhBUQ.q.o.....A....x..Om..=.S.bF.;XX.^..lu.mz.......J...r.P.EA.....Xc.w.dB.4.C.G....Q...J.m.../.#P...x..i.LK..'...q....m.C......E'H.%..W*._-]..-?.rC.t-.N$..E.I.i..R'.z....d..9.FO......L.?o.8P......N..L;....f....t#..@.8V.d.\:....yyaH..g......{.FM..g.s.....4.Qx>eTS......5....41].K_.,..w...&F...Yf.....sHu..'%..(Wm..t.y..Bs9A.....~;.z...Vp........./..AS..r#.89.N.

          C:\Users\user\Desktop\JDDHMPCDUJ.mp3.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.865025527058714
          Encrypted:false
          SSDEEP:
          MD5:D112F79332095687DF92596D6ECE9144
          SHA1:ECC8BC4000C957485D24714F20D72E622F2344DC
          SHA-256:A2AAD0DFAC3F6B38606084ED152F0CECCFF425851905ABCCD12FAC7E01E55456
          SHA-512:D9A3398D0F7C98C3F8863AD5CABA593FF3BB4AA78137D14FF8461F0882290707CE90CB9114EA1AA5224011B85791FD41B4D4420DF43319E55C9B8928C97706AF
          Malicious:false
          Reputation:low
          Preview:R.C.j...'p..Dv.....U.........R...)..C.9.........r.G...#z....C.}.1K'7....99G^.kyo..\7'bsA?..G:.R. ..q..}s}%.s....F<5C..".1..&1V.n5o2...z.)U.7&.k...0.....U.......g ..{.c..R$.or4>.m....].g........1I..)%....y..U....w...p...-.m.!.O.Z...o.?ne..%.%Ox.,...j.i~._.....`._.......p.Z...|&.9a.V....].8m....E`N.fC.^yH,..N.._....qL1..OP.5.j...._......xA.(.......l~;w..eJ...5w......M....z.]..8l.R..g<..}.f..5..X6]=.....*b.d! o..Y.Uk...8.)Cn...>....Q..vBx..^}*Q0'..O........G...jW");Ez....kH..........`.;....c.S./..a;.s.2.Z....D.C8.]..e?..wH.X...n.{..t'.:...,9...0.....p.2.?+b;I..H.......6..i2.........h..w.L.<}"O N.K..Yb..Y+...j..o.....m.V...JF./e.;..T.E.1..l......'.....f...m.f.I.X...l8+.Y...m..O...L9....5Q......k...FHaW3q..V^.......6l..^.....I.".........~.[e.[yU.....}.A&.>.U.e.zN......T...e.0..+... \-U....Yz.mj...kFz..o.:.2...o+Og./0...?].N...V.D..{...U/n..k."n.k#..A..T.....=.,.c.yj..WM...\.-...w...V.g.."....#.... .|...c..I...E.@..ek.2.Y]...W.......6<.e......L

          C:\Users\user\Desktop\JDDHMPCDUJ.pdf.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.873752332730833
          Encrypted:false
          SSDEEP:
          MD5:875D1BAB35B7F13DFBE878FEB2EF25ED
          SHA1:6250902BD55A13AC906926FDFF05C31A90C552B8
          SHA-256:1C635AFF77A19CB1E8F1BD670BF6ABB1B3662978A4DF618C7D720824F4B6BD11
          SHA-512:0684F882208934EA9D8C57D3598F1F732522A65754F928A97D11C623E4DA9544D979B8211B3848D23F95CF8C1AEC16B03C74FAC592695208F26C90B42E40BBD2
          Malicious:false
          Reputation:low
          Preview:...A1..17gc@h..".......z..u......f.5B'?. ....-.:.A.@B......!..1O.@.Dv..l...J.?.YPi6.....;.{............Tb4..n.T..I...T..a.M..?....O.......r...."..p....M.>./}@.8.".5...z.<\."..us..t..Z.i...3....=....rb....IO....nrtL.;.....+...O-.\$]r6...I......9...g.PN...].t..vEf.......|.j..?.mc.9...w..R.y....7.v.-J#N5[...S..JxE..9g>."....p.nw.52.......76).......uer..e@....O......<.T.,...x....<..].V..iv6.=.....l..y..)...&..x....V.(.dC.z....$.G*.xf9.].et^..,0q......;:.z...a....Y.....qDXX...c.L..pr(.dc.L..=6...[<K..VL.zP...%..=i..;B@s.$ .O.......'... .<.FD...C/o..Z.@7<..M.$*..,N...5..y..AXr......,..!tp.V qU.w......".....=Z.......h..84.88.z...).J.^k .'..8E91...z...4.D...wm.#D..D.......2.U..X...~.!>8..`.M..V*..>.....?...S...z.8o."....&.....o.\..@so..z.........ov..4...}..u..0.8..wXP.I...M.t.N.......&M,!x.cT..1,2..7.#.j...g!....uL......h..L.C.q.....^...Z.Y....o.:K.z.:zA.a'@.h.%!.Q..hls.....5...x...c...$..s..A-.;..J.Ad.CK...I.$.7.oE.2Tm..e...|.,....{..Q..H..K..rsw.D

          C:\Users\user\Desktop\KLIZUSIQEN.docx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.8797024645567415
          Encrypted:false
          SSDEEP:
          MD5:80EC6CE57BC8107FA844F23C134D6665
          SHA1:B12ECFA3F01D82E9F03B8539EC0EA6FF7FAD3029
          SHA-256:1C9ABF12A8CFE46F5AC3D34C01729CB75832DF5D80E9DBB6C8AC1A0C501BE94A
          SHA-512:D3CF8BF4D4F9AEAE9CB193F2C1FC39C30CBCD660ECC3B9F2C8DB6FF3D6501CE20756EF21B0B1D5DEF56B823E73006CBC98A1818D84DAEBD2AF12B517327B071B
          Malicious:false
          Reputation:low
          Preview:..@.....B..d...O@.........C.3^.@y...<.s%.]..o.~q.".....%..r...#.<..#0Im.Fo...9.Z3&...qc.I.$..x.gM.[.)...`.!.w....eDo ........H.GQ.E...z..>.5s.2d..Ru..]-h.^e.6g....J...../.#...ah.q..?N....+...\.S.F..+C.T:A`..-...f.\J...J.b.+S.....1F.@.l.<..4qkB..Jx..Q..8.>.8@..O9..[..B.k..}...?......,@.....,.....z.y.....~IF#...3pp.h....._..".~W...m..^n...U.;.....?..H...4....IU...Yd.Wl.D."G9K...5)J8N@'.?.......;p......+h..2:.-.Od`$....6.<q.%.*.*...p..y.~...G...a...Sf..v...z.+v.o...19.g...F.l.S59Nf~..E..|.M..h%.G.x..6....t.?.>.....]..+....@....'c7...w.w......]...4R\.'.ip.h...q.oL/C8....1../D....f[..A.._nn..Ad..9+..C.....2*....B.U\.[......*..{$.vu.u.}E.{[./R.J..M.h..."q......._.8....k$.)...Q.ui+.i%.....>\t.........p..T....`N.y.4.9.T....c..C....Y.m.`.#...|4).|.._..C-.$.rs.Y.B@O.E8.%?...,?..f6$~9n.....Ch..#R........e.[o..Y.<Y...hA%..-!.oe2A..|]..T. .m...!i.Y..2N/....(c.......H.IA..\.......H..],.W>FsM....6c....Vs.JD.Y....S..B..is.dt......-.......mt%.+'...

          C:\Users\user\Desktop\KLIZUSIQEN.jpg.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.868234322645811
          Encrypted:false
          SSDEEP:
          MD5:1BFD8E72FE6B5FE2C4ED35E37826AAB3
          SHA1:F4968990189F86EEFECA98DF71B238E7204DF177
          SHA-256:D49C1EC7C6453DE4F798AD648701932ACF985FECE4665FE45B69AC6C1FBBF253
          SHA-512:09D4D70E667DDDFC1F300557510F8A1A31477F3890F30AFBC1FFDF2B6E4BEE1849162C2FA01534A7D642665532F056D9DCDD08B089F70C4FD13523B1C424A12C
          Malicious:false
          Reputation:low
          Preview:.|9..R.D.K..~$E1G8N.(.~-}.VF"d.......#[7L.Tc....X.(..K...(.{.@...U..I..<;".mHF.j"7.....A....}+~:...T..L8....+.p.E?=q....Z.(......l7............W..|.}G.W.....5...H.L..........`......C...........S..g.-...o.km.:...p.``.$3&.ji...-..#.Y.....YR%....~....D8| V....#@.....^..]wR....!(.f.w..3.Hj....:..^Rz...q`V.L..Jy..\..1|.....3z.......r...JAM.N.%..E...31...M.o.J.C..|S{y.h....]........8....$C.]..SX;......9..1..t.)?....7g...*.[.g%VX[k.5Fk.!4G".....jm...$,...q./;TD|Oo...(I....5.u..q........X..6....v..U...3....o..*T..v...O."C...R)..........Oi%&.......^[....E.B..i.nY.g.....Q..orO%...i=...1WEl...<...&....[-..N.+e..Ga.MI.R.E...uY...,.s...RO......G....2..X..o;..D....LG..Fz......s}\wW.......J...Oa7.<I>].}.dl.t.!d.o.^.. ...t+t2.d".p.k......Qs...`......U......L..q9......1..q.=2,.bw..@.....q,..H..?...L;i..O.7..wF..F.....=f3."<%...Q Q.{.n...e.#.:.1..'T*.]......2R..W..H.>. .&....V..iM$`'....5.[.q..m...c......{.j...'.!M..4*.yMh.t!...k....w&..G

          C:\Users\user\Desktop\KLIZUSIQEN.xlsx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.869036127751099
          Encrypted:false
          SSDEEP:
          MD5:5A96E3DD4B7DD655BFE37CAB15730E8F
          SHA1:5D9CF4B3B5FC4C8AAA4EAD31198A493B26CC42A7
          SHA-256:1569D76C30E62CE7523CE2947654C50A0FD9D88B4A3B4AC2B8E1AB802D5B2C44
          SHA-512:CDAE3841BD69369D219FD2AB3F5B09941F2744BA2E03453F4597DF32052CBB1E3226998E6783857A284ADBC361323EF087DE98995EF7958027E3875688CA2B7E
          Malicious:false
          Reputation:low
          Preview:..{..5...N....:.)..q....O.-.*....dM....W.d..t.(....0..&.V.K..M.... Rt..r.....W......N.?(P..#....x:<m.*.@o~.g?..**..d.Q..g..!N-~0........6sFA.:....).dJ.<J.q2_.1I.......!.m<..0Y......(.).~..'..d...g....+..0:..#g.,.@.rKR.#.S.O.!.d.u..Z.......D..l.:...:rq.<.....]....P4.....U.I$....z..a.........Z6....P...C...ZJ.v...&..5u.0....'.....]%.\O.1}\.?.Xw...h=YP.X&"..=.w...;...$.....1>_.@.EDE..Oh"Pgi;...A.Um;Z...R...c..6Z. ....s..i..d(.6O.a......Mn|..1.UR.....L..J.Q@.Q....C1s../L.!.!.._.#.6V.....8..U1t...~*...E...........3.<W.........P..6./..z<.,.W.S.5...3S... ..A.@.....9]..zG.C.'f.._.......q,.z....e.4..@.p...o...1V....K!.E9f1....7.09..u.)u].3v?..v.,...]L3X1....z.Qj-<x....sk.i4..#*C...? ..6s....^....&.\..~`8.!cEi.._S.5.c....!.Ybh...{.I....1w..z....cB..*g..L...i..O.TS..x.w..M .SO.......mvs&.....|.8..W.....kF..:.........AHf.......>.K.2..i..6...\^w....;..b9.@8h..!.wM..!}..a].U.Y.......$<fQ..>...".g:..H@.p\...j`.5M.9..7n...<..........1.5.^.x.+..k....y..

          C:\Users\user\Desktop\KLIZUSIQEN\HMPPSXQPQV.png.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.858588078026534
          Encrypted:false
          SSDEEP:
          MD5:036EC486EECD583C6B00CD5FDBC86D74
          SHA1:A9A5639A5AF9CAC1C84BE8BBDCAA014CC8751DBB
          SHA-256:933EC969D0C23AB8E00B123FE085EDF7737AE1CB4CD9C856E983D8288349AA1A
          SHA-512:1EBF71F2C6E0CC41B0A46E306117CFE8C6643EABBDE884F5630B8E391AA5654FA84ABCEC557D41983D532EB12A6EA5E9804B18420ECF33D8232B3782B5379290
          Malicious:false
          Reputation:low
          Preview:....QT.r]$..2.k.<.....y.....DK..Bk..6.<....O5W.d..!...Y.m....V...................#..}.V3"/.<y...xb....!...Q.`.c.c.?.%...hO.B.Mo....m..Nk.?..5.8......J.yd^....b.zZkq.(..>.F..V...|T....IA.9.,.o$3...g.. ....4Lx.G........H....:..LD...rp..&....i..k...die...wV9o,..=....n.*....k......ku....R..d3.."...(2...[...g....I>.`o....+2=_Q.z*..OTa).7..B4...H6xX2.9....FBynm..GG.]..7..6.<aT...... .6..E=A.ZT.w.h..6.......Z..Z.C..n.... ..I..)(.e...#...t].....,..<&.."A...c.....8..vm..}.@P....;..".|@$....6..2Nl.xa.!....V...x[.:}.....-....`..KKT:>S..\......l...Og.3.z.d....S..{.y.m.J.v,P..Q..,.W.u..i.....Y./.y...A..A%.U6......N}.O...?(.:..X.9.1....'E..^.-.%.. .K.WB7..eL..z!..P..#.O...5..I;Bn..BX.55;V...w.j...f..FGjyU:t/:>%.......A..Y.`..(q........xWQ.;.[....j.z0....l...L.....V..u..M9,.."...@VXl.z.z...U.%M.G.5n'...(>....01uH.-<..*...#......&.BK.r~;n..|L..*........x..Hog.$ZD......4^..e...RY..........=..z.*\.&".b...>..JU.X.a....}./.Gk.)>.`..*.....g*...

          C:\Users\user\Desktop\KLIZUSIQEN\KLIZUSIQEN.docx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.884745070889659
          Encrypted:false
          SSDEEP:
          MD5:F087E51ABAFA657165982BFA1B681F43
          SHA1:0183B40AE2BA7B79CC6CC7E0E9AC4BAA1EE2A295
          SHA-256:E2DCE4827243EB803B6017F11939866A2084BC37E32ED9513CBF5E6F30F0A508
          SHA-512:4FBE1D3DC83F40571A08CC8E8CC22CF42DB46FCE57695A542583D83A0AD676B962BB10C8D0797209D2D86AC732F3B84DE76DCC9D72094C25B75FEF676E3008AE
          Malicious:false
          Reputation:low
          Preview:>.!..`.<...JM.g.K._L...wF-.c.+...d2...rv..f)-..u...C.t.a.o...t)6&pi.%..X..f...D=OYT..........Y'C...?.7.*...\..o.%.EZ......s......h2.~.cu.x.....c.O.f.....N.p..r.R...R...6GE.BH=...u./...*.X.....K.y8..W..[Q3\.}...8...'....i.H....9.|&.l}...b.^=n.c..6.i.. ......T./...,.....E._...;..6...UQz^.~3...qzUBhSxi.....MXk.....]..F.....Cd . ....G.D5C....sR.;GX`..W.....Q....d......!.@.......4.4u`;U..j......5...[.....D....1?dG.@..xm.......u..Y...R(}7...`.I..[.K.HW..g.C..5...z..-:..6br...7.w>%..{...prK...'.h..}..I..R7Ec."..$E..r.../:.......).....p..t...O{...3....0>.SgNe.....GJ_.<..0..#.......G.J.Z..d...8....@.O......g..=."$...DM]5.Wa..........?.*|.Q..L..^.B3p...9.O...q".I.v=..dBw.L.......E.-...mK....*)........S../..|.....s.XP..;..;...Q;\}. .H*w6.)...&5(5.1O...[ .........5O.D..'.a..g....;.#W..0......L...;..q.......+.Q.E.uE....+.<kM.m+..^+...IJ.o.`.....D..MF..r..H.."...s.....)..$b-;5..-..2....\.)..p....zxUfU.O%H..YlF..`...QW...)...B.......(L.el.~...r.....t...(

          C:\Users\user\Desktop\KLIZUSIQEN\NWCXBPIUYI.pdf.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.853502379493028
          Encrypted:false
          SSDEEP:
          MD5:B201200FB1F420AF9F966FD780A09EA4
          SHA1:69D38DFA441E6268E8B5AB5116D49A9329E36ADA
          SHA-256:13989309B1C029862584B96C163D9729AC065B405774F691FBB7B336769E3048
          SHA-512:BBAC3EAA28F9E3531175D25A483A51AA14E6C896D985C109BF39DCDF7C3DE4EF294102E587B1FB6670A7AE10AB082BB4D8767CD8BC586FC017FF277E58150238
          Malicious:false
          Reputation:low
          Preview:X^z...}k....C".*..Q..j.RZ.#6.L.r3.....2.j...G..UP..w..x.tI..uR...a...%.ne...>t.......v...z)u...:\.4J.l..<d.2....1.:.U.-.m.... M.L..i........I....U..R...|........I.#4.L....:.5.gP.p.,.s...98TUZ9..m....}...+....Aj.s........`61nw9.9x)n.$. .iB..*>....(.|.....)Cp.k&u....z.j....V..F.........<.Y......e....T....MI8..O.a.:.#g......T.4PA.....1..$yRky... ..L(.o:.Y..|X..QP5...w=.&.i..wJ.5.....X^.b....Loc.i;....Gx;%....p._.+.SB.VI..L3.sA..yk....Im..%m....?p#OQ.7.r.+..&...s.;.......P$.....]jC.5N...N.&....*.;.d..1..a....J..x.o....0m.9...x...Z&.....asOjk8q............k.i..Jc.{^t|.I....[S.j./m..v..qz&.....]=.+.....K~....i~..XE..;*I.....=H+...k.)5^.EI..g...7.`..Q..@n...7i[C.....[..V...Z.*V.U.0m..;.[.9Q.k...ME..H..Vs.n.s-.-......[......cV....!a...CT.{..V...B....k.......BJ.1[K...v...1q..5.&n...H*(....b../&....{..Q...}.x...&..F.9h..+.......Xk...1.I......*5.,.Q...Cj.C.L.d.pZ...7.a...e......l........Ti_^.........+@g.Ke"{.....i.#..]....k 2e....(...R|..H).-..Y....e.g....

          C:\Users\user\Desktop\KLIZUSIQEN\QCOILOQIKC.xlsx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.872330872002424
          Encrypted:false
          SSDEEP:
          MD5:2EB841015BC7F05D9FFE150A2215FA1D
          SHA1:58C47C307CB283FF8B49DBC7A6379A742F2030AF
          SHA-256:507D80B5181108EC0F09A1651A61552C801E0F32493E0F73CD8E96FC6DD9D063
          SHA-512:ACB6CA4A19F46BC4E60DC2B91FA9D6535955C9054312470C73EE923BA85F88542D155676C7FA0DF9B4671AA59991289ECDE6787425AD3EE1E9A472383BAC7B1A
          Malicious:false
          Reputation:low
          Preview:..3.:|......gr..r;TW...TL_..U....V.)...v'i....j..O....J.+*.....1........OJl.s....@...-.e..H.>K?h.........2.L..W.=..0.......).L.v%......7...6c.a.:#.k--.B.BF+..ZN.....[...jLr@...l.....C....zP}Q.&.O..u..$y.x..*....=.o..DE.Q..@...`.....u....m.jy.@..A....8...n.zC...7.. 8K.e....~..R....`...I(...i..........'V../#.(o../.I..i.T..'..B.....e_b.=...._|...l...{./...Fm...x.R`.:..N(y......C<...D.+dYu.p^..l.e..Bb.]..E.../.....h^.]6...o3.L.,f\......?...Y.m}..5W....|^....BQB{..+.r..v...{..a..%.*.0....C.....@...._])....Ys.n........ O.i.:...P.',... ...l..n.....2.'.$...u..-.1.I"M.U..pY....s..^..f...........F.Q.l...&V..D..TG%-L.%..G.H..u....(..n.e...p]Z&.y$N.S....r......i9>.Y.+.<.:.Iq2agH....;].V..#H...e5....0..1..M=..)|$..NNf...v..;...'........2s....AXl..A}.GhI.....T.5..%..{i........._....v...`H.."....K\..3"M/K..%....x-........ ..}6.......p.Y...0..R....Vg.A...4.J........6Cz.t)d=.....MUT .%..6...Z$l<V....z.......9.o.^<..k&b...7.e.%Gs..*L.?............FX.O

          C:\Users\user\Desktop\KLIZUSIQEN\UNKRLCVOHV.jpg.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.844259571007002
          Encrypted:false
          SSDEEP:
          MD5:FF1494315C42D2D3B24A1B843B34A8CE
          SHA1:9DD4A58622D715722246D60C50F017AB74328D25
          SHA-256:806E4834AC04E65709E3B2F2AB67B2C241F7CEEC1223EE361B2C828C5AE17757
          SHA-512:3BB22FABAADC06C7B7D3D8DB39B92CBF51BACABD898B67E895BA512EB5D5488FDD613498EF26973DBF880E5A30512DBF9783C1C20CE15A0E63E9046436D4606A
          Malicious:false
          Reputation:low
          Preview:I.._.#.$.y.7d...RK..?f........G...J3..R..^]s.............h...7D.G A..b........J..U>....:....:.T.[..j.xkTEK...o..7"..D.RV.....b.C.....+.d..N/..M......s....B....!.8\.xd..1S....zS.dL..Z..D.."....9~9Q"...\.......P .....`G~Aj....<@..d*v.....2p.........,..l.(...q*o..F":..9.l...~?S...i*..........E....p.E..B..tr.l....I...a...... ..N.......Nw .T..e.f..4ko.....]..m..[];...Z.+...kRu0.e....:...........NI.:_R...F..>F..}w4..v,-...+.>-.v.F..y...p>..d\u.........gLa.v.x..c+!..q.S./....Ir.@4.j..i.E8Z.%....)...(.r..6E:D..........$!....y....e..E.,F...f.......lc..R)*7..r....g.M..R._.*.....a...:.......y....4V......./.+U.t.G..*k...If...u...O.+........)Y..R_.l..Y.(.:.E.[.vTKWE2N.\....w.C.H.:..f.Ag\@^.P.#...h.4#...._.X.V...xf...K..#+.D.......G9r.A....a....l.......#.\..Pu/..c$.;...t.t......o...b........i....S....0y....WBCSj....B&....f..{..../.M...R....S..0.a.Xu.L.o....W1f..(.A..e..K.7..7p`...z.Y....CaKk.......,^c.#.b5....4? .=.arF1&.h.Rl..jFz.^.R~....

          C:\Users\user\Desktop\KLIZUSIQEN\WSHEJMDVQC.mp3.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.844481372940951
          Encrypted:false
          SSDEEP:
          MD5:E30D088A40821FB7DE414B3BB765C01A
          SHA1:CE2858B7EA4A4D4B79672A64F5C1B85061745776
          SHA-256:2E6BCA4FD4D380BE3D31BAE7BB3D09FE848A88A0F5EF9E0C3259DE64B45F6494
          SHA-512:ABECD434C0FB975BAE47D86C9DE2CE936B31FA8BA358EE35C196491B015A824A1EF193D094D8FB9FBF93B406C4AC28F0035DB4480F1688A84F9163F78C06AF0C
          Malicious:false
          Reputation:low
          Preview:t..s..8..Fb.2G,.....&.z......='7.EA.?.<.F..E.<.Y.W.......=....|.U...,.9....d.7_..Y#D..f.v.....Za..Q.Q5...V.&.-.5HKR./.@<.J=.7...(.f....L.S{...B2. MjJ..d.....F,H.b...<*...1`....!..GQD....e..t...#6....k.?.&j~....xM4.K...]6.R..=..qP>...8.f.&_)I.8....Z.].<.\.ZY...<!.vv..C..H.VK`.|.yv...c..[?.....G.X.^UYQR.....j....1.B...A.mM....?.O..z.`Y*.;.4.'.Z..*.#VB~y+...0.....2..j`..........T...r..k.(..7.k.V..0.81B>VY.......a...$.oG6....w.hS.{Q....qP.........c.Y..'.....f|.....[J.7<..D.bJ.&..K.dl)>........`1h....3.......t....l^....5].?.T{...".4bW_...Jd.....my..'....m....v9...q...5.a#r.....d.Bl.....&..Om...a.]]..S.W).~T.ET........fw$..,zx......+)V.6.yH.@..............7...Bu..HY..h7.I..;....z=.|..../....S.H...?r.z..Rp.\t#7.4p{.0.......?(.H..B..).97.W..W.....tJ....*.A.......><..[..Q...s....V.|[..7O.l..{...J....k.}.s|..?5.A..L ...vI...rTv.5...i)............N......7.F.B. .f(...V5'..u..\yw..Hw..K.O,.i.|...l.1g...I......<@J.)..O.....tm`.'...B../..g.j.}.b.

          C:\Users\user\Desktop\NWCXBPIUYI.pdf.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.853097097363226
          Encrypted:false
          SSDEEP:
          MD5:34E11DBB53CB4E226CE9BCF56ECB6334
          SHA1:3C30A463F422D950A83E7B1349DDBF00AEC53384
          SHA-256:E728ACE55327366E69825AAD7E9426E38E5986DE9096AD1BDBE9DF298A1133C9
          SHA-512:AA0563397218D2A49435B98CC4D759EC799DC0F099DF37AEB11230E6993CCC355ED5DA08B918B5E4E8C7192E20942D88868331828D45A2011D8B8C7A91B85FE3
          Malicious:false
          Reputation:low
          Preview:...... .[:\.t.c.n..C.!..&.l.c)...z....w*.f.D..Mn........&Qi....}.Nb.4..#$...)...8..f(..R...*...^.*H..x..w.5....0.._...tp.u......sI..mlxO....|.....c....8*.kZ>.{...>.r.....t1./..P....$.v;...T8..w.2........\......W..v3...v..U.t?.o.-..d...S....\..I...R!.d*.U1".ar.>!.. ./Jez..q......Kj.Q... ...5..m]......gEF...%..h~G"......Qa.....&3..G;s-.Fh*.#.v.l......:.1Kj.._.h..g.2..vy..j.Vo.d..K.y.....AYZ"s...+:Q|..A..S.`qi......"w...*.M.K..[.-.<O.:.&.F.I....+Pa(.+.>.q(..-c...W,V..I(.{.f....Q.K...i.p..7\y4..(.m./.{h..Ho...^n,e.".^LMLK.V...}..*3.Vp,.....-[i....fE1..l=...d...'.............T...=h-8%fgn.x.........G.AV.i.....&..].+....*.G.0_...9w;..6....*....C.:i..1Zw..\..a$.S.`.h.3..^>..O4.h...g5..9 o....^k.!.....de?<t...$0. F....T.s`.:..y.{.|m.(h. .}.Z.\,...)U.n.+.Na.@jp9.hi..?....\n..n..&|.p....{..X..{(....{$.....@.M>..k+..9.?$.k...................V.^.95.-..u.........z.)...uz8.....>.%.....C.....x.7A..\Q..Y...)f.#..[.:.d.ZK.._....i...}....V_;7

          C:\Users\user\Desktop\NWCXBPIUYI.png.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.862602223604255
          Encrypted:false
          SSDEEP:
          MD5:6021D76AE137D135BF6A77B1FEE44083
          SHA1:9382854540E0BEC999E3D063BFCDB4CB52CA2CC9
          SHA-256:1B56B2D1716F1BB0AFE5F8CFE00CE6D36507F51D614D94EA10074D1C6935B953
          SHA-512:7684E2BDFF03B8F64D277D8669576AF847AD7588A32C8C981B8398AF37839B376BA1BDCC354543B535781F9238273B9162E8877805C635DE63406D7D58F64B9E
          Malicious:false
          Reputation:low
          Preview:..........a....G.....WK..O....&X#..t.....K...g.0....w..mb....NU.~p^....F3....b.'.....Yw...........9...$...Wd.n*H..U....f.&.P..d...p..m.@P.y.MHA...-I.+nD..{...h.!).B.b.....hA.. gZ....9.|_.....fMg.q..~.zV,....*.E.k..*..p.j0.r.!.......@!z..9.).o]\.c..:+.*........I.....`..%.<. ..+W;.5mEXn....:.%q..-.1..69..._.).O7|/...F....h.pZ...2)......%..vWG..A...&...P..R..c..&p/[...]U{........7..._..o.k.7...,..YB.S..Ot...{.r:l...E5.V.s....?.cy....a.....AP.(o.)....g....-...y&VjK..A^..hd..*p..!.'?....A...`l+..;..BD:..D...G...u).=..u[;......@...a..>R...g.;.%.q...;0...6..:!.".6.O\.a+..Mr.-r3~.......(.]'.j.V....N.......b.T..g.Pe...~5I.@. |H|..gY.`6M2.P8C..V.j.=..wv...6zy....8.!....|e.L.+.[..0=...l$...5..L}[........ Q[...HSG.#.,`;a.a.]aq.n4.W.{....=.....m\......lAzG.r,.....".]Q.1..c.+ky.\....7......G.Z..8.@.@..%)E_.d..1.^KO..%D..G.Ql.`..x.@..2I&...k.g...=.Y..Dq.....J../~hr....P..0....Y... .9...@.0..3n.m..:..r{....6.'1)...i...N.=. ..4..z..6+Q.a..+........ ~8a...Z"dk.8]..<3

          C:\Users\user\Desktop\NYMMPCEIMA.jpg.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.868683719594359
          Encrypted:false
          SSDEEP:
          MD5:1D4F9B00C5E3A4154C29064433A6234D
          SHA1:0FB4A5807F134BAA6D0A86D4B44992FE87EDC05C
          SHA-256:DFDE44388F801908B5BC22AF7795B6B7CA62CF03296765A7C7BE2C57040FCAFD
          SHA-512:2A1F21D4082CC57553F67B1FB10C9FA1E3941C77A97AAEF1F19F388E1E99BD03B3EF7E4F54B41574D0B49EEBB659695CBA8AB1C0D88EE33ADEBB193835F71A16
          Malicious:false
          Reputation:low
          Preview:B...7..D.._.I..Z8..x ...v...I.....q.6..p.k...c..6-....=.......a)...]p.)K.I<.C.2...8.........`%..b....Gj.d+.)1;...%...k..!.d..#z...z...4K...]N.\.vj.............t.`t..}h.).8\...<4.PZ...../^......wz....Ra.M.p.+@..$......B..%M...`.BrvM..4.k/.A..,....(@K..h..........6...jw.....(S....Q.......b".).."4..P."oI..]q.ur....e.....3u.a.i,...'>..l...4w$is......k.j/!...P...I..-...+...dN.*).6..#.p.}..rH.-|.f3k...p..N<....%...Eu.8....B.`O..#...oR.2'lr..HT...!R4.^.6...Y.U.Q...P.O.-..g+..[^.[`.kB..\b.q#.m.G.......7.Ap.Ie%.j.@\....aV.bF..ws...L..m#."H.E..q^..S......U;.8.By..Q....(2.!.G..0id.O.mC-...s..f.....!...5..;...o.!m.XS........j...u....A...c.R.$...(z..8....^f.l.Yi....5..d......0gmy.......Q.e..+>?...\,...J.Sb.c....|...0w.....!.$.#.]._.F..../............e....QN.7t$.........*......S..t9.a....n....3....A.3..d..1.nbh2._$../.{...<F..Js}uZx..nS3.f...T..:m...=...Bh.(R.iu........I.c .k ..qH.D....ET.(...R.;h.qU....{_...d.s...t....x...(MX.....?G.u.:.6....

          C:\Users\user\Desktop\QCOILOQIKC.xlsx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.864779688744737
          Encrypted:false
          SSDEEP:
          MD5:36DA051FF485661248573DA948557CB5
          SHA1:8FF5FC242EADF79C4A8C80F9375C5310AFB369DF
          SHA-256:F17E70E35CE1055968F8AA511D1DA6EB2658368B505E7B7BD09A7DBB1B1173F2
          SHA-512:60A77C6C2AE2969900BDCCDB2926F9979C4C7F515FD2EF0A6E4F120C3FF5E1F7752065D2BB787220016BAC6670CF8CA338151B3E0231FA43C95F88C597CF2D5E
          Malicious:false
          Reputation:low
          Preview:.m.x3...&|m.....8..7 X.........rB..\'I*5.2.rGg".!q{8.~>..Z0.._...9N./..Z.?q.O..5.i....%.{..B..z.Y...........a.&".....]. J;:..'....} ..q.9..?..P.m.B\Q.O.@............/...5.6.?....N.k.xB.!...5.c~...6k...T...'...u...f....%....jw..V_.$.b.E....d#0.7{l.Q.y...*.X..R.?....C.4.........L._Ph.y"...r`R.l..h.N.I.. }}.4..|.}.h2K..Q.5.7....?.u[8...H.}A.v.o....E*.;V.s..>..n...N%..E.YG:..=.......8. ......N.M...#.0..RfL...L.v)-*y.;a..Q.T.d... kw...c.t[$.-.^.#[..`..j..8......v..e.$*c..,m...._G?Y.....co;6'ij.E.......g.z..g...c.0N....cwk,C..W...3.....\K..cQ.Z"zU.e:.QE<r..e'u0*/4X.699.q0.R.H6&....N.m .....V.~.V~..q...l.L.b...?"_..P..#.N..I.S.G..Mb...n..xM.......K/X...dk.K.hb...p..@u.x.e.bO].GF.D.Vp..4.&......:.3...x8...v!.....g.P........`d.g..n.U......Wd...B..TN~.x'4..z..l...`..$5..^.SN.!..._....N.Z.V...V..........OC...7..i..%%......3(...4Hrv7s.....tkrt.iE.;L.v.s.....D........=4"O...-.K.M...bd.y?..>..q.[..v..1..y...,R.yCK.}..'....Q6...O....N.qG...+a.F.F.I

          C:\Users\user\Desktop\TQDFJHPUIU.png.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.871120818320783
          Encrypted:false
          SSDEEP:
          MD5:22D594579F7750F7344C51FA4F8B0CF7
          SHA1:3030414EE8A62AA5A8B59AA8E54018B6471A8568
          SHA-256:F5BA1882F20EA1D568CBC798F4A1753DC06DA9540BFA7F6A1679E37398AA69D4
          SHA-512:5CA985A3439BE016EA457A87681B4C90CD159EAD1EDC812AB7119100943B4510BAA26BF21AEECAEF65BA21A344250853903F22216166D11B86A94FE3B37FC7F2
          Malicious:false
          Reputation:low
          Preview:7@.....:......l...fZ....\jv....4..I.-R.F=,b.Sr.LCPB.M....b.Np6.......%Ra...Ly.6YYoe-..!.W&....&..827.u.X.....2.,..g.=.........\..{...|......-a...'.2.8...X4...2..@E....I.....#..._:.o....t;c.Y9.P..."....tS/].#..~..|.pp...W.....L...m.G..88...D.{.W.drB.....\D.(.bt.5..9...w..*Y-..t.c".,/6..g. cb$..l^.*.o.$8t,$LJQ.4 ...r.X....tG.....G..R[.O._HI.s..@.N..*...5......H...5o..t+P.\...b....uNV..S3Z..W...vr..C...|.>........uZK...4...tb..c....H-.._.%...d.`.......d...[RD...]D..(..y..#b{!h.n@......&q.....".L.3.....9..&.....?.!'..n..K.)${.u:8...T.....P....yA.....0.2aJ..O..p.z.e.<...X.@s.%..b.f....}..{9ik.'~.Q....s..00.m.Q^.....r......2UUT..s< ..w.`.<.W.r.a..{.,.;YE..{>'.p.+.$..w.H.............[...#..U.K......P.n.....5#..M.NM'|.!.$...*.y.<..]Q.....D.....{.Z.F.r.......7....u...Ql..]..C...l_BHF.....<.P.E^a.&).n...f.J..S...{b!1.....7.s.:.;..N. .h..P..t&R...U@x.q..z.m.&.<..I..f...q.....\...7...P..........9..&.b...X4.&.(..(.!..c.&1..xy..M..S..

          C:\Users\user\Desktop\UNKRLCVOHV.jpg.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.88436475937755
          Encrypted:false
          SSDEEP:
          MD5:412DEA0B318354B2D852C9C0DA081A42
          SHA1:072B668AAF097806E1A5FA71B5ECD6080EC35FAE
          SHA-256:B9F32AF3BDEBD58F1327EB968AF2A2487CE4BF1719ABEDF3C2B45D67ED25B77F
          SHA-512:D3AFAF28BC380120B3373FEA5F544C7CABB8E43C83DA2B502C1E7E863A13C1DB684C8450FE33F8FF2C3A56F8F58F5760F5EB17B0856C874B8D67F37475E9702F
          Malicious:false
          Reputation:low
          Preview:V..]pf..<....H.Y.O..t.T.f....p....["..`...?%..<.,.j.j8..b!....<vFI...f....\a.c.T8.......o6....6..KRvs.>.)._%.W..f.'&ko...C...v.2.'?.V.<.5..]ms)Go....LD..+..A...\?...T.%.].{..J.X7.'.r....J..d...qE]Q....%...53<..+_.[".F%aM...f..q.k.si.~.'.Q.........3....:...,.......$.....A.y;Yz.%.!v.U!t...E.t.....t$.V.....}5..0...x.m5.Pk...K..LU......rv.Y...l.MY..69.H...8%..&.H.3....S.1...o..%\...2.;..+..&<.f...I.....O\...e....]V....uG.............M.G..u...Z...C.G6....S_1..%f....Mo..O..k.1i.....3..!;............9.^.!?C.k.....X.....J_........./=s....f..[.c..]y..|h.]..dH..}.+.....&Y.0......1.y..[+...]s....i;..^..7d..(.....(!.,%.JO.KX|M.`.@+.p.....HwN.d.~..G.]@&..>.........~..y.c.iuXH..:'.W....C.]=......>...........1y.b..f....,O}.t.?...iFY..us...jP.C`.XN.........e.".@4..*[.....@p/.7.6...P/..9..*.....v....,Z.Y'wn>ha.../..Eu$............~..>P$8.T...|i."5p...q.c{A.P*Jnl..v..'...=.m..@,..g..z.^...me....w..K.z.w9............\I[.6.AN.{.....l^.".@F.]~...dp.. ...

          C:\Users\user\Desktop\WSHEJMDVQC.mp3.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.87009168191778
          Encrypted:false
          SSDEEP:
          MD5:088821A623F037EFC9C3AD851686FA12
          SHA1:474D0DD0ADFDD068D93A25FED88A0A273209F15C
          SHA-256:2CCB95E36DDB1A39C769A44B55C14DB9757E1F8D625820A6F839E269190DA283
          SHA-512:6CD252965353697612D4F140D1EA72B0FBC8B51D4E3A438A9B40958D7E5C110D3431A32E34269785CE8219A33C36E3DDE706F12FCA99CBBAA45F77444B81A43B
          Malicious:false
          Reputation:low
          Preview:X...xlW2.x.^vk.9Lh.9./.?J%hVG+.j..u|.H..x.}.%4-..W<.V..LH...&<{I.\.../...s.(....SBl.R~.t..}.(@.9..lA..{..%./..i..=.@3_..!U.../6.q>......G..z.....=..O....._.@C^...jx(..............NL.9..S..*...r...AQ.....iYg...).c.Y...X.!FD.e...6r...>..5u.....x.....U*.f"H....... ..s><.Y.Gn...]..hy.Va.`.o..\..'G.Y...wH8.._..q.*q......|GGY-.0.E.7.l.....p..B..c.7...y.......}..1=0..8P.W .....@P..}..s..$..h.....U1.[N*).y...J..0;..D..G.....r....YQrn.....^h....w7iu..G...C+.GR.....F..c.p.}..Q..... ./......T..]>........I..r..z..QO:......7.7,......H.6F.@....T...r.r..{>[|...........J....H.O%.Xqr.O]..7.:..]....fo..S#.P>.R}k29.'.=...v.Y.m9<........./....Ba.....VU.7..."xf....^ }]KUQ...K8".F.+.......~. .z|Xm..N.......VB&~qZY.<.6O.L...wj...P..i...u4..l.p.`...:~.C..kG..M....4.<|....%bk@......J.....b.=...P l.......BO..,M4...4........_..........u.....r.(...........v_+n.`m..zPB........Y[..#B?[_..:..nF...R../ym.E.+o...gO.^.V.Xz.A.J)|.....r..T...kH...f.....\.&...../...UZ7BD).(

          C:\Users\user\Desktop\desktop.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):816
          Entropy (8bit):7.717175058645758
          Encrypted:false
          SSDEEP:
          MD5:01B13C0055BB07C44B74EE4DB2E4CC6A
          SHA1:C05C0C6E11B91014E7C6B7DA0AD10D17BEEE2330
          SHA-256:3969D5D23D174322535BE4C689D8E33C1488D5F8C22B1E16DFEFD9313B4967AD
          SHA-512:4921B8B4D55E49512F2EAF4F2FD51F7EE72BE5DDF23BAB6DF6EC41780328848B1757CDC4321BE3D41C5B610A203805388ACC512AF50D36053B4BB58A830163B5
          Malicious:false
          Reputation:low
          Preview:.[l....A0.Y...)1K.....}.(.{.....4....z.s.]t9....c..].r....$~...)x...F....~..f.2\&<...v.B..)...C..`K......E....`m.-..!...(..;...%...".K.gt"M..r....."........oI.VYt]+(.QU.F.^.k.Ib........}.Q...b..dq3|..........9"!C.jS.[.El}Alz....=.Z..l...C..4.....F.X..{^.0.>.w ...}._J9...+..&@M..V.V...>.>......h.....1N.JOsJ...F...#H....f.+./C.FR...$.C*/...d2..9N.K.....Y...=e.._.....$FC..3Y.w.?.........S....3..x....t...Y.\..[..3L7.....A..T.J..=..y.........Zv.....dl.....N.........Wr.z.]a.<B.......S.;.H..|`..ul.h.6......l}."c.....S..+n.w.W.V...n..).?..9D# .-...&;.>.'.\..6.#..D=.Cu......b..6...$RX.n.....4.R...u]......^....7.].Ez....|.:.S...........E.....N.........7OCA.!.?..%.P.}..<k ..cY.(].N..zs...ZVw...Qa.....w.6.....Z.j..Cf.".=.g.{L..L|._E.\.r...\N..^...B.........d.......

          C:\Users\user\Documents\CZQKSDDMWR.png.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.870815776453931
          Encrypted:false
          SSDEEP:
          MD5:9FA425FE37E7771AC711E9C6CB59A6F5
          SHA1:1C8239D9578030884346107F53A94D01DA30653B
          SHA-256:A44EFFDAA11A5DC7AD39964EDA3AAFC369F8838C52C55DCE66DA06EEBB38FD3E
          SHA-512:96A605120F0BCAA42F871340F763367F6394C594792D6B3B303BFCA1CFA55B8081B97E51084F38DC3816DC3B61CA8F1E68EC24DA97797230EEAF00107F6AD811
          Malicious:false
          Reputation:low
          Preview:p{.:..^65...}1...2.U.ok..K.%.h.. .........!...M}z.'..o..........v........5B.Z..B...d1.......9.i/..zoQ..,."..+.Z.0!z..!Xg...V..>...A.h.....j...U......\Dt.X.a..9......x...J..!-.....G...n.4[. 29....7.B..cl....xQ.&.Is.B.".U..EC.h..AT0..er.,...xH.\....$.....$...!.R...?[i..).6!........}..r..p.4e.....Q.&W. .6..ha)...../..]c..Z.}...e_.y..>...9......o9."-.=t.im.-......rM.b<.r0....g...7$....P.(Sk....g0.._F....e.....!c.{.u.{(L...;`R.>Ka/.....C...C..O...N.c...vf...}.........b4LH..h~....!..a..y4d..9..?hI.....h.=kT..Z.y....xt.M...../.;H.._...C...2+...B..!6..v.y.e#k.5O6Ge...E...6O.J.X!.N....4..z_...<P.yZ^.D....>X!....+.\.f..'%..5cY..Z.9n......,.?.W..S..,!.M.....KYL. .}.V3;.vq..D..z.9e.K.s|......8(G.6.r.^.....7.a.F.l......RY...@$..3Q...."...v........%.M.p...g......;.0T.f..#.p..,Rc......o....;@.","<-..T+74u.fpV(.o.+....".0z.*.E_c!V.._N8..v..T.:..@..kb....f...E.G.NEo.....R....Hp.H9du_.x....2.....M!z.....`.#.........b..C......#.....9.3..._.jI.b.

          C:\Users\user\Documents\EIVQSAOTAQ.docx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.880205161296687
          Encrypted:false
          SSDEEP:
          MD5:A291CB7C9DAB27A319FBD8B768CD0C43
          SHA1:AF82966CB46D54AF7C410F3686375FB7326F0CD4
          SHA-256:572BDBD5608BEFD8AB5DF4EFC2893186EF7D1532714359782F0D6E4109F87750
          SHA-512:E470294E5E44C10604716B65C79ED4D49F5B97DC51341FBDFBB8662E879624D866A98F127F97D594014511F85A7C8835F43ED778645DE03D85F38E81ABE3DFF3
          Malicious:false
          Reputation:low
          Preview:SsG.O.2.h......\.9.<N_..H/1&..\nC)..z..2[.EY.H:o;if...7...8... ..$D\b...dg....-..i..6fEK<..@....1(.p.l.c.|J...bY...6...^x5....k'.5..>T..l%.|v'dS.:.X..p@..]......P..d..W.?....(U..[...MQ..T.4../!...............]#k..L...A.....F'8YOc.......k?.+..(u+.f...9V...../..>...V^..\[.n....hiZ.:.;n`...p.og&..5!....G.].Z..NI...NS.....6.6...I.8..+.T...).a9Px..]/...L8.r5Ry|zk...Q.K.e....5.......m|.......qB....!.q....2f.._.>.>.lY.s.Y...C.m..O.3G....kO...(..m.v]...*.A....W.......P...G......={.,.....$I{....\\....#.?.Ix..I..<.F.T.G.].....8.w...&.t...,.]..DJ.......Yu.|L..En~..7.D)p#..@...E..-.%..XI.....o:..^kw ..M.\...`..m..p.......]+NU.e.\;.!.>.\........T.o..#...........-..&0.T.m..b..s..(.....!......>La....:...W..._.c-)Ju........r....F.,.`.6.3...$m..Et7..A.r...B}.....C^.s.....s.W.......Z.^)...~........_...).T*g.......$r..E.4%D^..E.|...5!.|.d..Q....}....B.Q..+r.G...k~..n..L..LM.#T\..o....p..../.E.....A...1.\.!%]...n.U.........F.-.$Q.#.J.......Z.....

          C:\Users\user\Documents\EIVQSAOTAQ\EIVQSAOTAQ.docx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.863250628308769
          Encrypted:false
          SSDEEP:
          MD5:B01B52983FB806794863D9BA8BF5B4D6
          SHA1:5F8266FB317B255A9E264C0FA792A820556C5D04
          SHA-256:41A036427F9721E50E4A370639BC122AFDAA6A202B31B75156A7ACB6BB97D4DF
          SHA-512:87834C19FAFE3719643BECADCA743F9817B2336EE9949BB2DA3F3D0A58E384B4E38E8D2988895ADD668FCFE1CF6E7EE961881D018C82332533CD09A62FC9CFCE
          Malicious:false
          Reputation:low
          Preview:.)...n...D.|.j^..C...zoH.m.Y..D.cg$.....uX.....CP.........F.lG*.W..X....+....z.L...&...?G...Tpw......+.AD.Z..g....OCL....k3.8uuZ$0.O2H..j.7.#....j0.=....['.&r..O..{p3*.......;......S.pJ/.{.........#..bi..*..x....etkF..t}...^9.T.....e......DV.TU...i.\.C..$.@/E..dyE..!C.J4R...wiW.....}..H..=T.U<....T.....s...MB.....z.].u.o..[\...}^...z..H...(.W.........O=&....:. =.{S.6..x.~.;..T........AI..t..<.z.9..v........%7.EeLf..E.....J3N_.Y1...`!.&-..i5e..a.u={q...x...p(....J......"...X.GO.......?.<..lv..p.B0.%4....^...:....5.....pB.f%..-....^6.........Q...O:?.....t.....c.......Z........._)......Cc...[..F.$.Lr.rz(.&.(rl.._.(....!.W..".).J.C....}e...Y)........U..#)..,_.).E..O...8.....W!.w~...Cj..l.H....C..].-....G*$.3.1.z..r..B.Xg...|7..........f.[R,c..k).....IkI.....J6<.B...ye4........s.~...r...=....]Y-b....J..,u..D..V..%....M.i.Qx...\.-SZq......"'.We.....^R..Y(...9....Cei.. .E.+.m. 2.ig..`..SJ.|O...6a.Y...R.....N..7b.....T...A;lf......Y].....Z.....jm...

          C:\Users\user\Documents\EIVQSAOTAQ\EWZCVGNOWT.xlsx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.860225980593572
          Encrypted:false
          SSDEEP:
          MD5:6957546BEA0EC6AC76E626645EEE3F51
          SHA1:60A2B84CE2CAEFC68F818D449AD020EEAE6A2DE1
          SHA-256:BF51F40FA3A97B0B737984969D4787F71B90DB2019413EBED470141FD5124B04
          SHA-512:957FE675157B3FF6EE04550A3092BA6D5F1E72A147F4041BE414895FEF971894C4BE809B22C014E4EFFB143DD26D3CD47A41B826E5960A3B5A8551B5C0810E64
          Malicious:false
          Reputation:low
          Preview:ja.PB.M{.*w..!.....>-n..m.A.z...U.1o..c..!....3..2tI6(.P..#.......$..........2.....<....'19..^[...W..1C. .V.(.m.y!.....6g.yM.?..O..v..H...<.Yh.?.l..8 s..!i.e..i..(...eOX.J`._.h.H.&.|5...A..H.P.x..IY.VD.V[.2s+_..n.Zx.3{>X.......@...t.A.).>@......84w.|..2.KM.o........^u..5.o.m5.[*R.2..;.(Ta...N..a..)[....l ...'.A[......r....X`.5..&..,.{..vwy.|rd......<.1I.y....~L3....m`=..9.....\/{..o..._...x.y..z...Hc..D...|.y.,..E+Z......a.z.....l.y<....,'ko%......(cc... .w.P.P.2g?.S..<..U...tm..@.7.j.~.....#.....>.....9...B.<N.L1.@v.......:..Ty..+....6"ij...-.A....)u...T.(.....>....#....7.a.PAQ...V....\J..:.\gi...'.K.3.{%.E>..H.+.....y.!dW...&.......$.=..k..*.{,IfH.mS.V...l.dmgQ...y.#.@.I.Pg..{)z7.8....\....p....G"# 9...Qt..*..S..e!..s.v@.n.?.#...',..oR\...........M..v.oB.c.5.n5.J..Z.......%.&P....J......Q....%h.<._...I......A..v....&h.\7t...V ..3y...w..~..}..viM7...w8NZ..A......V'..4...=.......]o....%T....E..E.....y.S...'.\f...y.....-....A ......V.

          C:\Users\user\Documents\EIVQSAOTAQ\GIGIYTFFYT.pdf.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.878824184465113
          Encrypted:false
          SSDEEP:
          MD5:E97285C199AD4ADFBAE40B30E11CEFAF
          SHA1:518FF5D76CF3676F26E78F9C52FCA2FF968D18C8
          SHA-256:CB9DFB0AA924525520BB10814DD63F1C2EB517FE8B87F64B3C7EB95AFB42F6F3
          SHA-512:8033039FEB1DDB754E0A1D12B8FBA69934E4D34FAAE5BF1135BEF196210AE4E2EE77E20DDD84B85F4DA35E42A88DC169F00D0A7BD28587008BA7759E93E9E03B
          Malicious:false
          Reputation:low
          Preview:..Y`D)#...[vO..I..Zk.~.5Z>..<.NH.J......k....KO.z....5....... .u..!'.........q...r.f..y....s....rm......+....j.W...:...Q].............a.!...|.WR.0...Q.....U.z1.=.J'...\W..:....M!..h.g..`.eQE..Rw..p.4#..........:....>.3..*...7.2/gho~..Rw[zS.V.#k./...K...d.e..9.i3..o.E.E.....;.a.WqN..K.l...<..s{.r5l...kdF....rL'.!..l......[r..a...96...&......n.{5.v."...C=.lX.......z,.f.y?...R.......,.V%...i....G...s..,.hT.'...mu."......LU.&..A......0v....X.40..[..\2.....V.lx!...j}..t@..n.)...a.GQ..a.l..3&...:..O...qY..)..M.I.L<............E...T.b.$..F[../...0.Ny.2}F!t.(..#.=&W..q.`.J"ABCe.....z../m.......f_~...._.0..G......=\6...>{V...A..P....1@R..&@....3=x.~...V],m.Zr. P....5..Rz[.[m..]..x.....\".z.I.U.).#.....'..;..G.p...,q/.u*<+y..Q...kO..CY.x...0.|.....C.."..~R....?.X.f&....,.&.}ap.<..U.k.........J?.C.+.9YN}.)..AO.+..!UE....zO.M.m.....1x.5.V......X..f..{6g...<.g...T.J?0.b.f...j\.nR6...7c..<.A.n....a:^>.#.G(..K.Z..pdb[.;..rWg...M.....L..AG.Qs/ <..."..O.(

          C:\Users\user\Documents\EIVQSAOTAQ\JDDHMPCDUJ.mp3.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.878497896938678
          Encrypted:false
          SSDEEP:
          MD5:4552A154E89B00B9846FB08B3442D3B8
          SHA1:613D18EBC6F14764E4BC1F642F4AD81D98BD4C40
          SHA-256:777D536814D4EEEE7004F5B08B3B9BA2B2C7212EB82E3F05D02F922F7D3FBA7C
          SHA-512:D1914AA7B4E06DFF5FD24A933A1B917A498CCA0DE12D815E040DE14E0C1E73BFFD0AAF60F6DAD7A051F69BD96CE33FBBDF80D2D86EE0B2F062C155DFD54A2FA4
          Malicious:false
          Reputation:low
          Preview:S.D@J.J.....k.q..Vt..m'.&......`.U.X.. ..g..<u......*..._.w....1!..n.....3..]9'...|...)..2.7{D..6_?.[..Ra......uaD..."2..u...........9.....0.."...1).../.D..8)s=S.08f....0......a.H..IZ5'+....Z.O..."%.|..9.?..$....6\..I.a..$Pn\#..OA..I..a....5.+..%........%...5.5.'.$tOg.9.`.....I.l...$.T........e.../...K.2'...%jT...G...x.ma4Z....q...V:.pPq...]..w.........=V..UP'L..........Em.6..lb...;`..IA.s.....T..y.S..A........C:M..2+}9.kT>.Y....{r...\.2k..p.}Y....SC.A\1.`.....Mc..M'.O....W0p..f.d.ANR.....$...k.;...T.....8.B....JR.gm:....m..D.XN..3.....k..;j...(..3,...Y....z...0.N5@...j#..N....y.kR9+..O(H.....F.....W...9J..Lg.<..wa ~..[....o.o...i...{...w..7.D..{.}o.C..'../o.9[.J...N4.;...;.S.j...kU.!...M......5...;..*V..52.. ......52.......#b)..P..z..d.c\.,....#.....~..D.........Bw.R.C.....e..i.........I.=[%..\<4..<Rk .....Z.^.G*%.S......j.bI2......yMm.m...*d...(..+..6f..>.....73.{..@&..$$yT-.".`.5... ...y...nm.k.+.}..I..,. ....|<pXj....q.IC.....%:.....d.

          C:\Users\user\Documents\EIVQSAOTAQ\KLIZUSIQEN.jpg.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.856827411229907
          Encrypted:false
          SSDEEP:
          MD5:F878B21B7C287655C48C29CF3CE231D8
          SHA1:E1AFBC45C1176E0E21D9CC18415F537822A600AA
          SHA-256:291409E3BEBE1144A8C1C9BF2134C7AC790E1C80D4E26A337389719ABE478EF1
          SHA-512:39C0FECCE7B8546E4B87C579F57491F4801661BD3B2BE430551B6E17063A8106BEA7CE354ED02B7E288C139D658BA66DD09054C025334DC804BEDD3596CA462B
          Malicious:false
          Reputation:low
          Preview:C.$vfX..S.&...lK'.$TaS":...M...mi..1.j....M..WC7t.5AyV.P..:.k`.A..o.j.B..Z...i.......t.....B.R&......l..V........~N.i.n...8Nd.P..eL.........s,..g..|...1 =..,...iZ..E...6....#.@#..{#.Kr.9.=....A.:.W.R..ZK.`.`I......9......9..|..C..&.@..<Q..>...2...S.B.O.>...n-y..........Y?V..U.....sH........W...C....6k.va.....D.i.z....d..*...?vsv....}.e..E.hpv...............o.bS...U>.:.v.F..<C.e..........a.#..A7.O].5....\.....O...?.;... m.j..)...i.....id3.}.{Z[.l..J*-.|..a..Z'3k.U...C...\s4...P.*s.%$.E......3.7....n......]......u2....&.R..N0x....@5K}..X.QQ.|.#t..>.8.7./."x.d...<.....0..>.g..v.F.j..O....p(.r.b1..a/..E...<.YT.U.tC.V".......m.......5....$.:B5[...P...b..SS.T.x.%.!..A......U...F........UcV.V..F..B....N...._}!....D....E..U+N.........{..A....T.3=..F$..'..e.d..FMrL\..<h.....S.e...B.../.......-wN.*.{.i....1_...Hm=.u..+M9`.B...nK....8..u..[....6R..03.7.3.Z........6O....-<..K../.X.pel_....xN.....|...w.y....=i.&.)..R..8.hi........&.....<Z;L.P..b....w

          C:\Users\user\Documents\EIVQSAOTAQ\TQDFJHPUIU.png.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.8686547892077545
          Encrypted:false
          SSDEEP:
          MD5:7560FFE5B1D795F522D73A4BE5628FC7
          SHA1:B525186B54BE559B2B5710D12C80D039530CFB7B
          SHA-256:6EFD272FA9EE227237ACADE3AEC3F5A2F8F9F1CED3AE8D948270FD19F2BD6279
          SHA-512:35D5D872139098B752C4EB3BD7DD6C99403BB473FAE165A4B9DB0208DCF76F618CBB62FC02BEEF8BD9ADA1C3AEFA4C53E8724678CC19A67C05015C57E80AD372
          Malicious:false
          Reputation:low
          Preview:..#....=.%T,>Q./0.......c...0.>......I..Tq9..A...R..NB.D.......@.!.<....F(N..im....lg.....y,.(..;..n.d......,7......Y.C.4}.s..k..8.>......s..3.=.D.P...y./..g..pf.:9...I.+E.>...\..*....c.t.IL..+.|.?....?3). ..g.p.....Ge..M....,`.&Xo.o.4.G...+...yT.H...^R. ...[.Q.#+..\t.(6%.....c.O.}..1jM..'.6...I.u^.w.?SM.A>%....9}..Q5.......A...+.O./j..B.[..vM@....s8W]....52...)f....K%..X..Gk`u,#&..Q.go._i*...=.>N.c.E.W..x..t.&!.....Mx...o..27.U..7~H...!..&y.y..r_.....g. &...7.h....\-,@a.....i..1..N.N..a#...y....]..*....{.,.4..`Nq..v.......P.'E..-..0...E.d.`v.-..hl..OpA.g...|.-R.O....`(U..i.._.@b...k..q...;.o>d..!.m...P..5D.8...dg.b.}4#..-.j.........=...&OP.^.......j..).r......S..+.v].....)..X.E......>...'......B.:.......A...d.Y.......BN.dG........K..l=..w.._.....1..7..Q....l...1l..O....r+H...w.fh8...5.;...5Jp.g...|U..\....CH.....A.......:F\5...d.I...@...e\.....5...B...^....T.*..{uo.W.....ZP..D.......?.........J.&v.n.q_-..B..!'_........p....D..Wok[m\'~..]..

          C:\Users\user\Documents\EWZCVGNOWT.xlsx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.889736247770373
          Encrypted:false
          SSDEEP:
          MD5:F15422FBDBC48D8C2A3BC8B7345587B8
          SHA1:A1B2394E1CDF4265FB97B2B0E85C640B15413595
          SHA-256:19879EBD93F4C3FC7B5C36E8C194AF6962DBDB2ABAD52C6C9278586A571FC411
          SHA-512:85C19081E5A1123AA9E52CE08F7DBA2F465C1E87201E7CEBC659FF81D12116005C63919D6AC6DB4B204D5F49DB9A46346A46BF8FAA632FB0A44ED11E807B0785
          Malicious:false
          Reputation:low
          Preview:&.= ..............-.Jx.*K.....q.&+S......S.p...s...>.}......zd..<C..'4Wf..4..H.:.........sr....{....-D...i....g}4Q.....m.f..AY..`...l3.;.y..8.}/N.G....E.4....c....g.....l.......#.lN@7..$..i..lXc.Y1."O.F....l.X.OD.....V..?..h.lX.Z.E.... ......Z.:.;k5a..6.T.;..[..5.x8[`.Z.......)...d..A.8O.........]....gn....''.8.....r....u....7...;.].....^K^)4.E...X.D....j..d...8Y...S...v..e&...=.2.b.EyS....cq.3.....SP.$S..b..a..i;ZKK.a...&.Vxc..!B.....=..2.x.M.,....5.P...r...M..._...|n.^H..!....(.V.D.v..K#BR..br6zN_J...3. [.Z.-....U..d.Y. Y.-m..{....o..1.n.....`;..xn.B...'..l?o.C..s..(.....0FC../..8$D...qm1D`.u..,Xpj....Nv.*i}.w..~wv.h7....-...Tg..G.....[8....,.f~.It1.|9.#.]..p..U..m...6....;..K.d|.j..RW.SKk..8u...>T...tC...%A..U+.Z.O..;.e?.....Tr.\i@ACu...2.\..$<.oi.z.f.....m....`)J,..yE..DoqmG.Y)v.PNp.bQ.(!..x. ...ry(.k..;..,.x.a..|.......@69&.{..{.uE.._.P|.<.9.M...M...T.c.VRV..._.,Wsz..l5}....%.o.T....L...m!.f>.........U.\.F....%....]..b.3%..gm.

          C:\Users\user\Documents\GIGIYTFFYT.docx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.866892219704129
          Encrypted:false
          SSDEEP:
          MD5:0DA7BFFDA467A3C8D89315FB9EA1BEA4
          SHA1:EBB14554757839F4DCEFED573EDA496DA7698357
          SHA-256:10AA525ECE36B53F76C599832B78D1FF22A87B0EC185CA0C2F55C67D64A0A6A3
          SHA-512:9C80410CFA52079AACB9BB530A1D21E947245CAECEE3794B4DCB4B20B08E3D2C5DD7115F398BF41D415D53CA14B552C5421E4EA943A7FA4360FB94BEC095EB5F
          Malicious:false
          Reputation:low
          Preview:....#tN....9}......8.6.#qR..&....T...%1.....C...r:..?w..s(....s.h...x..Y...i,9.T..c....f.*3. .j.K...s....?.N<.qHGW}..d......0(.Q .~...2t'.x.Q.yv.o..x..nj....SK.?.N......o.."..,.....cOFh.....A&..~..t.).*...5.......s{|s.7.k.2..S...CD.N3.3..v..n.........7.Ft...n=o...V$....mPW.1....i.?.n.]L23;IN....U...].D#vM..........C...i.5jj..t\SG.\Q.8pG...qGN.../9.WE..|...Hf.G.7w..u78"|...#...'.6.P.kG.).u.....i.c.kZZ......>..".FZ.&g.;....(.V..vJ.2.(.>..Z'..r_.R'.T....]... .....a%.\.e..SB....@.G.A..+~F.7".H..QD....0b..tC..?.oJ.....(<.^_#..T.I.....s.)...H....$:L~.`.V%..}..CN.j....f..rlc.i.~...N..p.....t..m.E.3.......T,.......3._.....uz4.4............Au.0..W..2;'......../.qp..J.....g.6e.k.*8~F..."ij...}.../Ql..E(v%...=..[.F.D.t.{5.{.ku.....*.P.d..~2. 8.@Fzc%.:...\..|..2%.a...)h46n{.........t.q".........RdY..3..H..k.+....._......\.F..K....rjN...ya..Wj.~..1..K..."toZ.._9.@-!........z..(..5.fD.\.E;C.J..!......V.6.@....%..4....G.B`.QTP;a.2..a..=y@.

          C:\Users\user\Documents\GIGIYTFFYT.pdf.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.87021463151041
          Encrypted:false
          SSDEEP:
          MD5:A28BC1EF366A459FB3AFF9D0A71C9B32
          SHA1:435AC090B63B41F12D6D4F379AB917B32C8D0C3D
          SHA-256:D31FF76B3263AD951E529BF3DC5180B38790AA482A3DAC405838BA2D74EE69CC
          SHA-512:C6C7A3A26AE28DB664B409B88FA0145AC7CFA0FF96252F3860333C2A3A0C4EA78B151F7ACFB2D1B959954B8203B5F71E2B62DDB8FD2A387F353AA9C413590747
          Malicious:false
          Reputation:low
          Preview:....y.WN.>I(y.c=...........K.&..l..2.;2...D...SsX..=..e&.@../.....}....}...,"o\... ....O...g.......X..w..~Q\........{N.8..1n..%8}.._.....1. ...h.;q*..tJ>u...R...*..h.F.j..M..N.H$.P.7..............-.....I..s...~.....\.ba..Wb.]Dl..]!.R9....../..vy..i...jq.W........?.N.S.wk.(1.......dE...O.n.!..,..i..F..Q|.&&.6hs.G..`7=...y..H(..7.j.....Ur....6.u].Y...t.w.g..ak_y....\ZR.h..{...a.c..l.Jiy.h....\.\........j~...z..*....j.g........#.......}....j^h?>.Jt:oR...k....=.G.k...m;...r..\....C+.kA(....".Hy.B...H....f..-.....+.W=>*..V....'.......s9..".....El.../...K}v....H.G...)..,#....0..I...'.&Z..1B.g..........U.j.`.S..U...'..J..n.....9...+..*b^.......>.vR...jl-..+.M.....D...&]......d6...1#m.X..........o.a...4.,....Gxi.m..iE{.!.[.~..*..4nik.!.C...bL....i().p...G........R.s..b.RU~.}3.....J.7.AJt.D$y.......GM..d.>.R5..ch..r. $........:..4..H.}^E*..q...n..,.....&>.-..[.KN.g...........B....../.B(;.[.W...a.+.i.I.A..9xc..;.e.P..,..v...z\...-..x....<>.?d..}

          C:\Users\user\Documents\GIGIYTFFYT\CZQKSDDMWR.png.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.862628997172374
          Encrypted:false
          SSDEEP:
          MD5:F9BAC918E3781634B8E2020DF9053066
          SHA1:093D651C189FA4C89398FF616AEEBC0DAE6A29BA
          SHA-256:BFF943AF0EA604097D56DFBD97EBFD1E7492B3805831A31E4271EFB7265223C3
          SHA-512:086D4387C4341E8AA0C4352BA7D264B4192825DCBF5184B3D888200C7F7CA904E02F91BB8E84203F4275113430038308236250D65156103E9D86EBD2D3E3B268
          Malicious:false
          Reputation:low
          Preview:.T~N..w..U}.m.H:{.L.@..t.x..\..r....:`Ux......)...IA.)w._=E9...I..t..>u.h.F.^I.[...JX...~..$#XU...../......P8.v..%......:.[c..e..>.%.[..u.R^=..m.I.!5.r.M......lg{r...."'./..{L.......Fk...L...{H...>......}(....4j..#.u.3T..,o..._Y.^9...}}........U.....m....'..M..}..&....a...n...}.<.....W....,...R.../........ /...Q.~P.u.D|.l.f.FFy........J.t.%#(..Pw....oF8..R..../...Z....bI6........s| .{.U...k.w....L!..4mcG...e\K....?k'......c.B.o.......|d......O-.n.n(j.....m7\..(..(.I.ZI.....\><M.g8:.7...z-..D....i@...g..f?....K@.F..,.....\..ig.0..Z....Pi.mYVZ.......(1...,{X...K.S.P...G.!i.W.....R.......h.F..l.,.[S.../..OO....#..Z..{..P....D.o.,^S.3..._4...........Ii...1{......$..2....C(...LR}..?T.$...?3.=@.].v.z..A.G.....F.BG.5...VC.Fg.."....5..!>...P.8......._`.L..S....g..c....q@?.`/3.......%S....l....{K...R.b$Gj..k.....7.617...BR.s.x.y.T..M.<...E...............3.m":."/.+.6-/..[.........O.CG6z0.........j..F.h..y...k. ...=....p=..m.C.+........R.cn.`_....i..O.Uy..7i.

          C:\Users\user\Documents\GIGIYTFFYT\GIGIYTFFYT.docx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.858228882398926
          Encrypted:false
          SSDEEP:
          MD5:6FC1072501BCC34E09D11C00BCB5B5F3
          SHA1:6FD0CA9B49A73E7FA86D19CA642AA1E3560B0DC3
          SHA-256:0AAC1B9BA15CF8FC3C9EED5AD35FF06A45D3502049DFCA09BC7A0E9B0D5B6D32
          SHA-512:FEEEEC97942FFAE142799262B1FEF2A112FC07A1976254966626C224D15941BAAA1AD7816A6C4C63C47C44E7502CEA06F89736A00162F639F295E6AA20BEC788
          Malicious:false
          Reputation:low
          Preview:)..D....:..`............D...Zy...Y<p.o...-.^.."...>.&A8g\..9..G.K...f.ud.L.V.Y..r..@,..wR..n..5{.m...i-P.J.(`{..l.Q.U.....G>b..w...%.<.L.....j.....S....q..t._=b-.i.wAN...ZEc....s.ly.........s.`.{"}..25.......+MS...0BbG8C.f..O..P"K.IA........On.............t".+.....p...)._.....%.a.C.....S.....m..U....E.t.2].....znU.+.}]..l.yy.'...~...E.5..c.M.....L!.g.....M..M........r/[O..{5.*-..o.`..q...........K.D.....)...rz..R....f.b.g.D>.x..r.#.69.B.W.>..s..O.^Db..N....V.B..,0^...Wu.....c..F........IV.t-.......lv7.a.t......K2.v.v.tHo.......7...,cM.w..../..ta.C..-.Gm....K</^.&..dP.r.?.U....o.....<ez..6...ci.,..&y\9~&...+3..Y.[..eZB.cu..}.Ta.f.'9...*...[..... .hlY\..k`.s...6m..D.y.q..]Nk..Rs..Z...W&.l...E..p....~.t s.1..d@..<....L.........c&p$... ;{...`n...f.Q6q...M9%c#...9...#...)pg;F....k.c..5.... ..h..f..c6#r;..:e#b&.F..AJ.^.&^v.?..c.k...)}..l.....d2.gq`.n......7..F(....UHH.H..2.qawi.O...^...........x...hp./..U...\c..g...D=.S.Ew....>..... .

          C:\Users\user\Documents\GIGIYTFFYT\QCOILOQIKC.pdf.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.881636842581471
          Encrypted:false
          SSDEEP:
          MD5:6C21F421845CE85FD404A99252A62821
          SHA1:7B5C156E32B002EDF0267DA8CD875A557BB1ADA2
          SHA-256:C06B5D3768BC420B2699CCFC25AFD6603B752F816BCA6992ACC2B05A063235E7
          SHA-512:4F6CB7029496E91B42E7D6943E749B7EE99B004DEA7F6274D8770108B045426BFA61A2A90F9B09B19C011E22AF70575FD38DCE0605644F93DE1061D662B4AEE1
          Malicious:false
          Reputation:low
          Preview:H8c..T...%N/..w2"z.S...AZ..Z.sC.d.I.e0d,.`..Yij...=.....].y.;...bXM^..n.. [..D.....}..K.T.dP+d...S........0...:...7...q.....,...H+.w..e.,.R.'....{<m..>xX-..7.....7.r.#..B.#.....uG....."E%!. ...V...H..:.'.........7Te) ...d..z.u3<]. .W...O..J.wf)y!...q...g..."...b.r....y....my.Z.&0.|.I..^.s.&....x....,k....h.[..v..%...0.........l`u".rO...l.s`a..x.a*..MB..$d.9S(..D....4...O...%K@x.OT*.....;..W5..%S.f...=..{.. .s...G.T.q..(P......-7.a..C.....q..,.E9.....77$eC.y....l...2.{`..S...w[..7..r.%;.....M.Avf.t..D../.[n..W.Y..5.&......._2Gk3.fI2..s...sRl....>^e....I...FSq.:..i..,.....'"...u.2.|4_..B..U.\..9D.MpC.Jl.v....R..b.\....J..*=...t..J.Q. vtG.7....V9DB*.L.F...."J...wHj..oigO...z.:.."..[l.vQ../.Hi.@.Po.xN)E....}9...Y..K...B..D[..7h....)|....#.s@!..Tm..P...?.d.Y.A.j.....?..x..Y..5'..w.Ks..l4...\.C.HL..<rT.+.q^..).....h.....N;.*g........L.7.U.....x.<..].L<)G-.:...}...M.}..X).....,.b.......$.,...n..{..IBV.qF-....*.h......q$O.G.*...*.`.k}p.E.."..8....

          C:\Users\user\Documents\GIGIYTFFYT\TQDFJHPUIU.xlsx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.872283171555958
          Encrypted:false
          SSDEEP:
          MD5:23FD25D6FE37B30811255BB0ACCD6DC2
          SHA1:4009C7BAF77AD2F8921486141E73151120DF2637
          SHA-256:C5976ABEC8306AE6A8D7525FC6C8FD3A67A8E1B3CB4B60EC1B42E22C24D42312
          SHA-512:F141A6381551D9DDD0717209ADE32EEDA7EC90C539EE04ED6C987C03DE659F5618B943AFE95E725CF724EB546B5F802CB80F2E2FF3C5DB3995E1460FCF15A9B9
          Malicious:false
          Reputation:low
          Preview:...w..{.^.B>.T.%....rE.l.T].,.=..._&.........e.....##.f3.R.c...w...Z..l...E..U.|/..?.....".uR.....V..9Q.._&D|....y....Ek......sy....O.l..7...h.rMZ.O:.....CQ..a1."..$..Bf..'.[.C.$.I...:).z._z.N.z..H..3g7....{.....54.=7....h..G.b........I0....>..+.5.1`>.r.p..8.c.!.#[b....L~.}...z...1xx:.*$...h(.. ...?.....xvl$..j.,Zy&5..u..`.3.J.>V..XD..9.+.%...).j...T.4.j.H.v.._...'.lq..'....W../|<....=...D..W...........*>[x....Yo.....F.(........a..w..C.A9.n...m.x\..;.=.Q.EeC:....!B......^(r.mC.PG..Ys..6.>^.O...2?..A.V.I..U.3.B..-k."....2$..$...@.J..S.B.LDOq%.^.....I.........`....E.;..O...bV..7"...*.V5u.....?..|./......*.W.:...Z...;..<;....Z..?4.M...Y..>bY..(..b....^).Z....J..|_G.....y.....jY.#.j.(w........|.k0..Z..l..t|24Z.....~Qc..-...yt.....-$J..p........^...<.[.;....;..J2..d\..h.\.K...N%......tw........2.{.?0.....D..C..l$<....&f,.0.A...N.9....Sd..T.9j....B.|d....f._.j...<hY..#r..e..=. .3.~....'......V..M.8J_t.d....r.6.........`8...../_..F..3..).{.".Q(.'.:.

          C:\Users\user\Documents\GIGIYTFFYT\UNKRLCVOHV.mp3.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.869596972218076
          Encrypted:false
          SSDEEP:
          MD5:30200678C9EC1D3F17F37C00EB15B532
          SHA1:53A843B0C54DDA8FDACA36596448D685CFC77CA7
          SHA-256:5179BC192F9939BFFF6AB56CEF9624A417D07851FB0199B08EED1A5E17E9D07A
          SHA-512:CBD5C9089A0F5648E1B49C1683885782ACFCC5CEECCED18A35F841EE5E849E8B52E09235A5B78EBA0D86F9962AE4F5CCF0A4DB555CC7A21950C7ABA485D615DB
          Malicious:false
          Reputation:low
          Preview:"..K..~...z=...."...2..+.n+FJ...n'..+A#U.K..z......d... ....n....BF.O.)....x...%M..W|Y.Cd.Z=4iP..@..=...s....d.......un...}2......t.[+...^..#....F..Tu...8.N....y~..E.).d...A..2..:.....S..(.`..+*.E..:L......".lp)=P3.e\`....A.z..&.=.ZkT..."9].?Y?...KIY...mS$.-.0.;.fM[.....)P(.@......&..9..........h...G......R....&....Xg.i.^T .".}.f...e<.W.g:>..)S...^...A.....P+..%..nf....c\.E..j...8p..OV..iE.[..s...-.#=.D1r{../:B.<...j........./.J._.......Z.%.i.nQ....l.#......u..........U~..$..6/.m~..r;.......j......E.v6.X.....\.^..q...[.;.2.`\7a.@.?.>...n.x.@Mx./9..w$.....jO.9T..."...S.Jd\.<Vo`..V.....U....)=.Q1...V.....S.../.d.~bq&G.0%s........y{.?!.. Y......0J.....g..6n..L.i.K..r.&.1....ls.5.Z..\.1nH..j.r.{...q.M...,M^1..W._4.n.....(..GW..k`.@...N...CshO..n"......._..f"......%.....u.QsJ..S..T/...Yl...3A..:...8/.?.....Z.......SI'....bTO.H.x.(..L.;....d..uL.S.<.V.....;.o4..;+1.B..................!.+......+.3.T....rGn..5..D.. ....4........2yS

          C:\Users\user\Documents\GIGIYTFFYT\ZIPXYXWIOY.jpg.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.868928866540284
          Encrypted:false
          SSDEEP:
          MD5:ADCC8BE267A1AD0178FAF6E5903D0F8F
          SHA1:253698D1595A0C8F4EFBDBFB904CCA18A645CE57
          SHA-256:44889BBA67F1402629664BDEB24BD7F9C95F584FD196BEEADEA702AD888421DA
          SHA-512:463CAAC93C7F0C4FAA486CE5E98238DAC61C8FDAE8D0A15E2ABF39A249EF7FFC9E855EA5926DA37423628A355A8A3ECB923D5DA762158E12BD6FF59C9FC9AF9E
          Malicious:false
          Reputation:low
          Preview:.7VX...$h......d....\\.n..z..1.........mw>}I...K.iB:RFD.D9R.......A....9'+a.....)(.G..h..RVN.gb..l.v....s...K....fs$..T:...._S@..>.BZ.....W.K*.6..A{e/.....c.U..)...6.`..:.4f........4vj)u.dl..E...v~V...x.z._.....[...H!U4^.....K.`...C.....j.<..5.P....R..b.....$.<..B.%7...uK.O{.a.....15.F.V.'.4.hLER..$.4N].gs_.I.....%.V..<..c.....t|.Z.H=.....S...Q)...%..+/.....]....2v..9q......i...)......]\..2`c..1J.t..b..(.H..|...T..37.)M..#<w..t.../\.PP.5Wy...h....`.\...G$V'.Y..Rg..$pR.5q..."..<N@.].s..m.....uXc.dm.i<.....L..>wM...1w.R..bBY....{4.}...4...voY..B.....1*!.s.#...m....4.#yW&..Jr.*./...j...v]@!.f..<.....2.P...r..8].D."[.Q..X.LhgT.....B.S.....NX.L-...L........h..b=.U......i6.(.7TT.!.[.40.."..,(z..{.5.~..s..4 .....p.....'AW.C..?..}v.Y.GL......q.4yB....../G.....`#sA..O..4..*.}.~I..T.....o...._;/p.T.gr.d.l.V)M.W.Vx.....T.. ...X.{k.!>.G......B.#..M:4....f.E.R.. ,.z.7A..f.........(.%....{.B.q".;..a.i....J.o(Hn...gZ...j..D\%...=K.mf...z.S.D..F|...

          C:\Users\user\Documents\HMPPSXQPQV.png.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.858830727201548
          Encrypted:false
          SSDEEP:
          MD5:AA084F73AA6F2720576682456D8A701C
          SHA1:865136DD79D7F9C7844104E690BFEC71EDFBD80F
          SHA-256:C796806B5BFF702E8A6016ABB4F2B52F4F727A09134F8311C8278EFF2494D83B
          SHA-512:E10AFB7472E104697FEE911574258DFB638E82ACB424213681B8B3759537588EE0CEC9BBA266702C4FA8613CC27C15A061C22B45C6ECA985907E5B532D738484
          Malicious:false
          Reputation:low
          Preview:/.cD...8.B....c...uff.UX5..0.>.H..8j-..]._.&.Y.#.....g'OP......m.cy.^...]....Z.../..[6.{..zlG..+..N...]....RI=:Yt&zl....]=...k....O>..D).Q..8..8;.i.9...l..'....&..E.._.4.+.<E.'..W=.....G..-..^.....A......|......b..Fz.O...Jl......~......D..c.....y...5..}..P9..H. ..7..w.;.T+_.H.D.|.4........H#Q%..s.6.!O.sL....\..9Sn...X../.&....X......DI"i.I..F....$;w..].....,NR.m\}N%.g.9...,..4....ep.8."....J.A...M.x...4ja../..&...i.Q..=.@.......DGQ._].<.H1.)!..6...6p.n..|.+.X..%.....gi......U.go.Bf..J7.*.p@.....3.'.P%Z...r..J+.W+\......c....<E..\.lz.~..a.!$..:.]#.....e7.......!.%..w...]..l..5w..;h.W0[....N.5d*..n.R_]K`W..y.....8+...a0..z..._..d.BtJ.-.....4CK.E.r.........4....3....tz...+....l....&...gyz..O.@.T.XL.P.{...Of$.....z73.|....e..?q.#4K...(...J.#.H...G.m.fH=:....Fjt.d.g..f".....b......>..!..]+gO=n..D?.i...]......{IP.:u^...*J...-.....d.....M...y........... ..i..HR.{ai...*...LA........;.p...V.+).....m.t..i...(..|...QI.O}..j...e

          C:\Users\user\Documents\JDDHMPCDUJ.mp3.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.870227452804232
          Encrypted:false
          SSDEEP:
          MD5:4FD9357324BFE2736549A946678A35E6
          SHA1:E0DBC09E4D1B68C7D616E500102AB0EE988873CC
          SHA-256:145983FB8F82A417AD993BC7F88D51075322876501BCF2C62752635CC3F8AE2A
          SHA-512:06DA3D6C127B15DE1AE84CEAD14EEFF1EC548B54A9DD4C0FE288BB93BB6375DBE83A5F6314E73D725CD1438F88EAB1614383839BDA495890EBB5E9699422F6C1
          Malicious:false
          Reputation:low
          Preview:.....\.v...6....'].....Q.O..b.f..$....Q.s._.;Z..6.v..q./.....g>..GUF.5p..!.K..../."$.@..i.cS1..3~..E.....)4....H..9.X.p'.....5..u..OX.*/.<e..T.%.a._j8...R...1..*...j!w...q.\.x.0.......\O.[x.9.~......1....C..pq.U.Nz....*...!....H...^.....wh)..Y..$...!-+.o.|%I.&..t..eR..s.......QC.~...v..g\.......%g.y&.U...............4....;.K... .....2+.w>751..x....|8.aO(&?@.'......... /&H..De..nm.B..QA..)=OZB...|...\k.E.....Ozs...jLL..f.x/ ..wP....,r...C&..........A.T.w.... 4#.h.6.c8._.#.Z.......|Y.y.B..dS..K.*...;}.....'Xg.G8.wb...R(.aX..12. q].=......E:.X.......(...q...&..2.O....7...V&#.Lh.....~7.^.yy..&..)."K.m..I..H ..R6.)...eP...+.5.:.a.9&..u...;.\....b.je.......].i,Y9.K|.6l.>..5.._..?D..]3......q..Dg0....!..g.M...6..,g.............?....Z..N.E..YO..Ru...P...a^.].V.<&~..3L}3Q.C.;.{o.Q....s..G..!...>[\;.7..F.*.Z4E........-........X...z.S2....r.....P...%.N..\\s:@x.%YM.[....2.O@r..&(.,....d..q....%..1.\GY.... X.gC..<Q.l..g..-..].JF`.q..G.o..j.E....P...0..9.y:.F./?.h)q

          C:\Users\user\Documents\KLIZUSIQEN.docx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.858459418813075
          Encrypted:false
          SSDEEP:
          MD5:485276A6EFB042C70D91EBBB0A4F2310
          SHA1:E1BA609832F4D0040F7B9194A0812442DB538907
          SHA-256:64892931F583E46CFACB77C299E6EF5C2C1B106BF9836E1030B4E04EE02BBDB7
          SHA-512:51EDA996D306426696C8E37430F79F373D0D6B0116AFD3BFB83FF7F6EF20BB7D0F1D936BE34305FC411074A491266B5BDABF94649EEEC50B0E8847A94F30D8B1
          Malicious:false
          Reputation:low
          Preview:..Vk1+.....LI.P...k......XxA.w;...]9........[=....]d.YV.}../&W}....I..?'.E&]{...|...w....J...`..&S..<.L.."...a(Z..}...#.5..K...Y...v..2.....m.Nb.6...":....g<.I57..]...hM.....7~._}.&l.v.).;.LS..z..|O.....,.\.....M..>&.a.dXh.^......~!..(...r..7sQ..!..,.!.".>..s?|...S..rJ.......p{-..|.\.$.$#.!.7.4<lw.%.....N.] G?...P...*....6Ds..............W........Z8ac...j,.....'o..-...z..yV.F:.T.NH../..],IU...y=...f.o.pc....R......7....`.w.X.S[)e-..t4..U=Q..=......._.)....$N..!..].-.HK..._..M9.$.|.......y..?v...S<.....m......&.Ra,.6...\.......DI.O.O..5...&.xZ z.?W.9....GI..}.~...zC.....*..~Yo7..v>.._.....>..o..:x....~>SM..v6M..p.v....M...T..:.f+..N=$mA..%.o....^...4...?i..K..yo.e.....}P.~,g..8..2....].6..K....v(..A/..'.[..{=(GuD.'.9....Db.....qh.i%....v..V.b.;..1..g.....B..;....so...sY...{.<..1..#T.%.......@.M..r5.{S.F..7o2.2.D....*a....O.`.{Z).\z.'.`PX..-vN\,.(g.Y..? ...?..;.:2....".W...~...9..N..R...Y..t:&.....[EV..#..,.o.&`......2.x..ht....

          C:\Users\user\Documents\KLIZUSIQEN.jpg.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.855720614587568
          Encrypted:false
          SSDEEP:
          MD5:375E20674FDC0D439E1D0A2D60D56B98
          SHA1:61DCA5EF82853268B244B3FF7CC2E87B947B1B3F
          SHA-256:538BBC001F1544518E1C40EEDED0F3F9FE24F357C6C78EDD43452C205DE54AAE
          SHA-512:95FDA89782975DF0E825E628C140349C13F266134D8EC58E775F536BB2E66C42F23C1BA35215FFDB364D40A40E2965FE69C950FC9A36847F707B60812919059D
          Malicious:false
          Reputation:low
          Preview:.......]..V..WO..DtD..WFn...?".x......#L....WF..."C...A.\...aY.:..X..v...,..#uG&V.B"a.lF./..D.A.=....^...R..~....6./.cb!.$.....v..?....`F.R..s..\.u...P;#@......!#...b.3:>A..=.Aj"....=...r.Fr...+..8...N..NF....X.....V.$cf.Z._(~.-.;.)Yk.C..*.x.}.=..,tMIO.*......a.Q.`...0..{]&..Y.)....u. L...#q......&.f..>..:XMI...... e.wF..6[.COq....5.....lM....AHqf....RQ.eW..4.K...N....6.m..'t..._..Eb=......Ff./.zl.5.9#.h6. .\..G..l....}G...?W.......N5.z6..Kf{.%...F.X....=Y....:...."NMHU_..N...l.....f....M.Rn...p.....[QA......H.eY.z..N....m.7~.~..d..c..8~1. P&.Rz.X..8h...xV)/dP.....'O..^..z..Q$.........is.]..#....r..n.+]!S..?-R.yG..O.W2...Z..v..%.T.`r@..d.F...Q.O/..-e...+...3Y....G...Wz.."Dh+.....#.....l.`....j..O)a.b...#..P)...`.5zn.t...?.}.. ...........P.^.;@A.....x....h.6W...K......j&.r\;].T\.RR...h.262R\.a.."..........8-..@/..M..]p.v..q.~`.X.J....".j.y.>..U.gK..r.YS...g-.0".>.8,(p..9m.U.4..cBP.Q$;O.'.).X...0.X..`#.{.Hww..;....q......X......[.K....m.T8B.#(.

          C:\Users\user\Documents\KLIZUSIQEN\HMPPSXQPQV.png.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.869819252635713
          Encrypted:false
          SSDEEP:
          MD5:1D6E92E09B2B1D9C4944157D082E2439
          SHA1:0CF30B9986A353D23196F1C832C0A2F68ABF7BFB
          SHA-256:723A452DD4A65C9698CC229E257130C1B12BC5557DF9EF82557320AF2E20954C
          SHA-512:C938327685317C277B0BB6135746DAD283A3FA1832411111EE7E709CAA72E8B02A20F8E5B8DE22B44FB22E7A73E3F8FA34BA5ED4E0D3686093CDFCA68D05882B
          Malicious:false
          Reputation:low
          Preview:.0J...R...Y.h....+....L.X@.#.%..)...\}...b..k,....'QB..03..3....>.Q.Z...x|.%...?L..e%../.2..........5...P/.......D..../F..y.g.o.J.\.....".......?S..3...m...}..n.........+.......z..O.ySZ..Sp./..R....J.......M5..D..?y..B.9.....&.....r.R!@aj![.?.;|.u..z..G c*.Wv..r...5Lj....dZ)E\}.x.....y..&\Z.J.$....R?.:.........3.?e.....I_H...Z...L%...R....v_!..r.......t.f[?..6Iw...(..."....r.h....~.........=5..=......:.......^.d..(@at...c..q.!'.....#^I}QlH...`.U.Q.9}..2@r...`.Q.},...h..dmq..2u..|[..].h.:S{.`!b.[...../oj...T...HS?.!O..'`{... .t..t%...g.5....uCX?6.E.f.QK,Wp.{"IAkA..?]...?Y......t. q.x..]..<...>y..P..e.Q..]79.tT;I...V...s.aE8qa.E.(.VR..d.W#....E...qM...nyh1.[q....y...Bfc?.cr_:..4.~.:[.u..`.....0~....q..'rz.G............u.y`y.9T2..jx.......>......|.~.H.?n.}..z6.J..NG.8..sM.L7t[..-.*p8]...<...q...<B.F....."?..,Q/.1WpAR.%.w^..2)`D.pT..~^...w.l..I....xi..V..R.....H...C;n.ep<.......OY..O.y...t....(.,SqL....~.pC.O...#.Oj..tq"..G.T..-C..wq.4...>..2E.

          C:\Users\user\Documents\KLIZUSIQEN\KLIZUSIQEN.docx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.8708318118016924
          Encrypted:false
          SSDEEP:
          MD5:65F5CA8F2DCEF33F4CF951AF893E6531
          SHA1:77D08FE6D68E0175D0DF9AB721EC9E449B9609D1
          SHA-256:6BB5DDCFA7B3734F2158303CCBB7846595213EB1FEA78C209FF20A2B2CA8C8D2
          SHA-512:442076C93964A0A366AFBB6791E1137FE25ECB4483E632C83C7B9DD75A332B503BD5C778CC403B4D76BE66829C524735DD835DFF5576A5A6FBAABF4EF2A50BB7
          Malicious:false
          Reputation:low
          Preview:H.oh.....i.x...8...Nj...X..f....,.}...1.....1...".....ea@.k...s..R..&b..8C..D.4..kk.T..&c.T."...N.j.U.0.....v....yfX9xom.ic.z. x.F..e.^t#:...xR./....[.Wuo....W....<....0.5.....J...#Q....F.1F...|.<..N..8Xu.. ..(..b..7.=5...i.,I.....C.....KTY.....b..HVV.#......e-O~....V.....Jb.6R#M.4.p.3.h._...C..S...3w..gP..F.U!m..~.....}j.|.=..#..W[...#....X..*......|z.V.B......nu.o^..q...r.}.9..@B..8.!...:..'<....J...t.[;....M.w.h&.m...,s.M.h..#.#......Y....V.BE.u.g.....I...h.w..s<.....ow.:l/...E.....P.<(..!.fXQ.{9V|+W.3O.m...n....}@BfZ...?....{...;..|..h..{....%.K...F......`............|Uig-U+.w......M{Uf.x.......pwp.Lw.Q0.2c.1.......&..).+d53>.A%..w...fb..*..A.3.+4N..0WL..k...j5^k.D.....qB....4.......~e.?...[Q_.=p.>b4q:L.4s1..0=T..}.HdH...!..k..v5.<........R.#.zKN.:.-fh..)%.).6I....#....\.}. ...c4X.?....:....U.....>...y}..-lA[t.{...o8~[...kT...U.9E].7.....jz.JMqT.....<....h..h7...T......8.....Ui....dG.....w...q5x..MlBDK..Ygtg[y..V2......A...@

          C:\Users\user\Documents\KLIZUSIQEN\NWCXBPIUYI.pdf.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.8730047907170855
          Encrypted:false
          SSDEEP:
          MD5:9D609B88D7CC39591618E94178BEB38A
          SHA1:EDD050D6DD81700DD0DDC2294D9CD172E0EA0C52
          SHA-256:851A756838554C6806599B76A1977859A46A4B3111D52A2E0DFD41763AB53FC5
          SHA-512:2631D41EA82A8818793A1A6E9E9AED8ECC0D55BD5F168E61F609827AB2FDB42A07D63DD93DB0650A9F57DFBFEA7C01C5DB12A7BAD45BD1807B3BA90541BC58D6
          Malicious:false
          Reputation:low
          Preview:._.qE....[UT..'L0..%SI.....F.3.[..7.`....U.....A.K.e....]..|#W..7..Q..(&.,6.8....F].&:G<;S#.B.M......."r].>.{...3.....9.f..y....a..S._.-...1y...z...'*..U.....I.p.5..H...Y.!..`X..(...2.y.....:/...Qn..,.D/kj.(X..F.i.....>q..a~.I.@G.....3..aX{B.b>.$..78.\.7.bR..|{O7.C.0...0..*ws}...Y....,.:9.+.m.M...@..k...........h>.............}.M`...G...xQ3..D...@......[.|...o..........+P.UTl.?...{...........`i5E.O.C..y.j..j...f.U..{D.G.1..K.5.^.8.9It..=..p....s..s.1.s..]...w.s..K.~.`K..{b.L...9...R9.qY.M..X.....5...g.xyT+.%(....8.=..Pys..'n.....^.0.~.S....9..L..po.Mg.WW...pFr/.HZ.`..6...<.Q..^..!..".g...;.u...=........@\.......xe..t.(..u.....~?x..G......i...7......D..K.L.r......R..7...O..A>p..>f._zA..:.N.....a.....=.@3h...rRa..X..u.....)....u...r{Br.4.....p...v.6.......8..r\B.4.[......`g.1..{..lZX._."..A...e2...f+......q...L.#............-..i..l......9|H$^[7...%...........[..../.......m.}..g.>aJ1X..[r..M..6..M.d.....Lx....+....c..WY+.xu.._.+.+.}.6~..

          C:\Users\user\Documents\KLIZUSIQEN\QCOILOQIKC.xlsx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.869883000125354
          Encrypted:false
          SSDEEP:
          MD5:2AAAEE3CE532FA96ED19DB46592F4DC4
          SHA1:EBF1FF7A9C29DF1E7E85F82B8C2A5BC8086F130A
          SHA-256:4E34A6A423970477187A3BBAB198C35E0C59A93EB3A3BDD46780F7D1C9485004
          SHA-512:B6D7C77194F9370FD3EB03C70FBF756CB6BB8426F9E58352B27C15BE1329E080F3C004C0EE8582449625932B52187AE11C7FBFF8266C1DF0A347D3D073B91E6D
          Malicious:false
          Reputation:low
          Preview:m.+.w..oD.2........eA-"...L..0....w..6..*.'....X.]...T...x...S..L(Vo.2sv...........h.....{..;L.Jb..D..*..v.;..*..!<R3....t.a)s)`..Ki..L..W7-.l..._.J..!X...s......`.J..I`..Xoj....Y..."....d\..(....J.....8."$..z.c;...(.g....lJi...u..........N.J.Vm{%..4L..$.5l2:..qV.....V.~.l}T.'..(.3..b.0......:S...Nn.r%;..Ik..wa!^QnfQQJ..H...c.1..d..00.@F..7..M.x>..nn.{.}.._ka.."Q.<E..Zt@......o...[|.Kn...Q.B.. .....H.J-...Z?..d+.i.....k.@M.=.G..-..G\.l.t.6..?.az..R.9....\..M.4.W=.d.<.$..Yu\.....;.?.......`./.uG.....s.v..6..t6a..d5...UK..V....".Ai....._5.#xW#5..T........`..'J.9..b...p;...]F.$..+......d..".............4}...{...b..P..x..^-w..G$.e....K..F.JD.1.s...m.&m.>.m.....r.t.Q.Tk.@...}....c.E..v.-}k.....CP.X.......m.`.]....H. .....Q.O..:.....'dB.8..2_.,.lh..,.O"...j<d..s;.lF?...w....t_Ex/9.O1"[o.WJE.\^`.q......T..K...."<b.5.%.....{O...........;..B.+m.X......:j.05t.....u...j.Q...Q.~..?xE.{..#-}.........!..@....~.....&6..s.~fSMY..>..........Yz.Q..B.Nk,..zr.;.

          C:\Users\user\Documents\KLIZUSIQEN\UNKRLCVOHV.jpg.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.870546263500105
          Encrypted:false
          SSDEEP:
          MD5:C359E148108992953F0E83A6E8E0C08A
          SHA1:C32D2213087B2982623E3376755AA49762D5A3E1
          SHA-256:A44B6D2A4CE104782DED3D1E49C7ADFC4375FA311DB4D922B04C3EFC874E07DF
          SHA-512:B28484E1468D26052A417A2BEA758BEEE6F58DBC72969A1181755A27F5C64A347BB2D72F59B989E6EB3E2E0B0A6CF2122ACEBDDF77C76D3425B74C70C4DEDE29
          Malicious:false
          Reputation:low
          Preview:....U.5.?P....^....Y.lST...B+1.Es,m..8..n..'@....2?..../1.....&..17%..Tm...IF$..o...>...6%e..0....i.......K.j...~.a....~..............h.............p..v..fJ....Z8yWOUsNi.&.9\.J;7..<y..s..05.....3.AH|.Yt...ezM..B._ML..!.5......a.*...[....4....Osr.......e\...._$.M.....{ .gbQ.<MF!..>T...[A..-..(.m@"X30.kW..s..p..m..._.t.p61-'.....;.)Kw..1.p....f..7..:r2.L.._..y.?..{....g..3.^..'>..lQ...E....?.L8.&...J..^.!...%l..$..2.N.]t....u.[..?b}C.|<..L......X.p..4b.B...[....p.t.x.......yZ*...]V#......F>-'D....*..NgN.|..3K......C)..I..m5.Li_..$.FF..R.M..QBc.Q.>.J.T......p...B.||.k-. [..I.%.9@n...W./. ..h...UN.4.`q}b,W;..dY........8.!...5.....'.,#q.(....$F...+,4u=3...#G\.....<J.&P..s.`..U...1lo:|..@....#9..7k;tlg.z.......bJ......C..{$..~P..m.}...0]h&{`......=..k...]...........c..(/R...E.}D.u-.v1x...k.r.l._....?q.N.M.".{uf....R./..dP........p...a..?.\bF^..@.%JG.._@>.{D.";....{.Of...v.......Ho.p..s.ud..K...L...g.+.....%I.... .........!.(.?.{%M.Q.-D_

          C:\Users\user\Documents\KLIZUSIQEN\WSHEJMDVQC.mp3.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.8874510572038865
          Encrypted:false
          SSDEEP:
          MD5:53467597285A00E1D010D77800770976
          SHA1:D8268737B6115E623DCB9560FCC045520CF0C1D1
          SHA-256:374B2251B5B4CDF77A176D4759567F456D88AA586E720D70F59EF82CD5169A78
          SHA-512:7E9BBD0760C6032A627B8BBA4246062005C92C937FD9AA819CEF24F5260EA199B533911FD39B2E7ECF1D350AA5E33F3859EDBAB08647C7EBDAC3F9D40B9DFF04
          Malicious:false
          Reputation:low
          Preview:...i~...k.....M=v.s7..e...toX.e..c..YZ...8Jc..S0`._~.....v.P(...........=..N..\G...D.r(e..L5j(7w...AI.L.{Z..P...&./x/oGd....^..(....PAv....S.6.T.2|z../../.............>...*.lSq [...)...|......'qb...Fo..v.!..w>....@..;../..a..T.H. .....:.&..g..~.M.............u..\.........W"..grO...f...?K.5..s.a..I.\....H...=r...#P.EX..9...~.e..a.V8.i$...-.O..*..7..Z.V.;.zg....../O..S?..[...b.H...c .hJ.>.d.b.&.....H.a../n.o.B.>`.a^(.i~..=.'W...-.S5.s...;...-.p........g..H_..].{.Z..X.#Uh.u..J....G.l...F...(..K.....6....8.p......x......(..(.w@.....#.&....N..#.E.F....=....b..8X.[.S$..,~..c>E....S.=0.N.........J0@U...=. .C..c.obl..i..0....z.`.......DG.......g..]..B.2!!....`....F....:...-...).%.+-..m..x.#S..1..,1....gR..?mC-.UE^A.t.8w.f5..Ut.c.n>.lo...Ex....|.)#.JQm.~.^e......B......i........>.X2l.>{....j....!#0..h...`..*.,t8jOV......XR;....4'{D..........7..hAb......E....A...p=.S.g.:...86.7.B...9a.7D.hdKG...*.vY..L....Q..j.....dn...6......L.%..QK...

          C:\Users\user\Documents\NWCXBPIUYI.pdf.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.883730569854999
          Encrypted:false
          SSDEEP:
          MD5:487ABA5616E4419C1CAAD5FEC17B6B50
          SHA1:6D34CC4851027768886E52FA36152C237CE8F8DC
          SHA-256:CE299ECA2C3BE8CCC11D7F98D872F10B8AC6E36FC0097B24A14E44D49CD5C9FC
          SHA-512:FD2010421F7D538ADAC7F0F68AF6E82E75519592579DF4F84AA8DBA3D9EBF3E58570ACF15B97E286B4A623B17E264974797B6D476408147E5FACED8AB1A2E877
          Malicious:false
          Reputation:low
          Preview:y.."..c.V}..:.../..(..[4..(-..c).o..*,W(..:ASW..8..P......L@DF:.X..".... .uG...(......b....T.X&....f.r..5.^.-[./.".p...k...AN6z..i.c.a....P_...fp...At.b...d...NT...ru....$....R.Z.Yd.?.....15.x.T.......oQ..e...x.>6$b.h-mq.|....x#...>..f,.Tm...g.a~...i.UQS...0.@L....~6......U2.....&I.>I.....w}]e...$..#r.$-.....m6K....)u+..WG-.W....9..R.Z..Fc...X.........6.1u..........[.2Wwj.....6_`h@%c.Gv.=....?.Y.=...}.Ba1.[.w.0....\.........Z.5.C?..f..^.I.*.V.....%..<.`.b....%.._...&k....C...bj..:+..!$%.]|'xm..$d...[...u...B+..$...o.y.8.....N..K....Y...+n.$...,l.oD?....i.n....;hI.w..s...A.Q..%X.?Xdb.g...C..%_@.]..l...:...A..@..[.......|/...b...P.2.K.9'.0..$W.jn.)|.$....K.WU_..E9'4*.j.......C.*m,b.W...?0)....w Q.P.....2..9._.....r.....@.0 .0A...3....mp_.G.zC..o. 3...8c..+gL.*...!.DM...4V....h....u./.9.T...;.G.=...m...Q..sL......@b..,..nIM.8...... .D......`.'.,.......w5.?...z..O/.~=.....Q....u..7'..@>7w...-t&7D.I...g*..".=.@.....h...u.@..w..v...?....@.&

          C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

          Download File
          File Type:data
          Category:dropped
          Size (bytes):576
          Entropy (8bit):5.051544237902749
          Encrypted:false
          SSDEEP:
          MD5:6BD63A3846959F3C0CB44819E57D0DCA
          SHA1:AF7B8AFDA9946DA28E1095E70D72479FDE9E467B
          SHA-256:2CF08F8D294FEEE880AD49AE3CFC391FB6B3437F49E6221C17F85C8B9CE2199B
          SHA-512:16EA17B9FF89F50270C758F6B5756FBA7BE467FE12E1F5BB6C9B5207937EE37C8D1103C4578FD43FCA32D9889F8CCCA3F550FD2D58D9EDFC8F9101B4877EEB7D
          Malicious:false
          Reputation:low
          Preview:.6...AAAAAAA...AAAAA...A.A.A/ALAAAAAAAAAAAbA5AtA.!.AGA.A.bbA.A`A.].A%A.A...A AHA...AVA.A.n.AKA.A6d.A.A.A6.A~AEA...6.A.A..Ab.A...A...A...An.LA..bA...A..bA..#A..bA5..A...6#.qA.^tA..&A.5.6..A..bA..A...6`.~A.G.6N..A..bA2..A...A6#.A.-.A.#.A...A.#cA...6*#.A.*bA..A...An..A...A..A..bA..A. bA..A.tbA.SAA.AbA.S.A.6.AF..A.L.A`..A...AN.A...A..(A.}.A...A.1.A...A..A...A...AV..A..AQ.yA._.AE.MA...A|.A...AU..A...6...A...6...A.?.6...A.H.A..A.9bAK.XA...A...A...A..DA..A...A.%bAZ.A.;b.q..A.#b...7A...Aw..A68.AAA.AtA.6..........................................................

          C:\Users\user\Documents\QCOILOQIKC.pdf.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.880293874396778
          Encrypted:false
          SSDEEP:
          MD5:02678B0002ED12D37C33AF92EC867737
          SHA1:E49236EBF1F228D54EE43BAB68874F0FC09A8AB2
          SHA-256:85F7E45B379360C263E980A71A5842951F3B07FFB33C5BCCE0978D9BC7CA492C
          SHA-512:1FCE4709239842B84D33EB49A72F4604693828A39275D783680B941D26E82D975DD2C0F499018019F54B0A53A69749B8374F082D7915164CF5D4549CB28AB7E2
          Malicious:false
          Reputation:low
          Preview:...h..7^..%...c..l.....M..R.r.Q...........`.V..d....*q...d....r.C.D.#e.&....B....&..C..w....F..2....m%........Q....E<iZN.`..vT..0.G......`..Y]...g........2.P99....Z.L....`......h..'!+.3[,..M.....K..*....g.R.......!;...}/..+..'A.j..N."+...Q.n..q..).O~....-*$.m,.....{...;.y..DH.>...!b`.@f..=.....&hK..d......y....m..a...../......jm.?...h........X..3...3._.L.?..$6X...;.@...J..0.S._\....[....#..H.u<.......Kr,x..fI.d.:.....!o.r-.Y}..].7F.........h.....5..].G ../.g.....b....m.....W.t_. ..v....n.W.mq...k...2.#h..Y..z.]a[.z}.U.,5.wA.c..r.e_I.]..v/|.x.%.N..........[.Q...G^.........x.....Gd,.e...E...w...C.BI..q...T..0.mPf..KH|j0./!..xG`....w.1'. FqqG....Bd..y...}....a.O.$.=MR.!%.Q5.,.,&j<....k0....?....-........f...J.>...4.m.;.J73..V..;.....s-!Z\....La....4G..<h.h...aeB..@..E.s.9m._.f..o..=2......f.....OM..;..u..<QE....T'...Y.3..~.._.......R.....6W...O.8A.!.Y)......w.g.2.'...Ebb.3.j.F..C.....^.&W."...Aa.6........P.b.......).9...Mm....

          C:\Users\user\Documents\QCOILOQIKC.xlsx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.868516398036889
          Encrypted:false
          SSDEEP:
          MD5:FA9DFA663B52CD58C6CE7546D763978A
          SHA1:AFC64B69EF5DB238725FF48CF324F2E2407EB529
          SHA-256:C1DD7B495AA3A9E90A935E277D98D8C7D61B809486155C454A23CB47FD0B75B2
          SHA-512:2DBC91D391DBA7301F8A54E6289ED4F827D1883F3CDF7A2EC83090598D58D0199B9A8ED9AAC95E5A1EDC59812119D0C8B632E28B60CA43F06B427431EA8D462F
          Malicious:false
          Reputation:low
          Preview:.]Q./...8{.T..$X ..uH.ru.S.?z........35.<.z.0....._Y..B)...{...2...x......g.W.r...>.....H..c..AX........2~tk.....%z.t..~.t...6.y.._....g#.........M....isU..j. ...Q.3.e.H..v......$..K..h...0..+......(.:M......*N...3....=....6}....7.L.[..xP3.2..>..B.t..%4.$...n.L..M..h..o..E.J.EW.C&.].R.}....h.v!..z.."....#......b..U.....8...[.....2..CQY!......^Yd.??.2...D...]...qOe.D9.".....zn..a}...bi.0..U.AQ@..\S..E...8...R&?.y.V'._..FZ67........\d.>.'_.......e^..r...wz9.2~. J...w *A....S....6D.M..g...Nu..f...~.V.,...w>....E.;...P..7p...&..=.Zn....h.......k.W'..s0..}.....E..c..B..q.u.NmPR!............!..^4..............[.J...L.z.b..F...L.......f....>ky..+..Q.%g.......E.:........5...m...v7#P.M.;..y.q.@.#!z6$3.A...T.....t.'"v..7..&.l^0${2z.J..1..;...;A.._.%.f.....{......[bclE.... #M."...e.....x.. .....f.;.C.^,6=..E.j.<..7...,G..........8.E0..k.Q^+.i...33.G...i.u&!..Y^.Bvwg.+D.....+;..J........f........C.u.N...2.1.J!.5....*8.E.A-......].....K.....N.

          C:\Users\user\Documents\TQDFJHPUIU.png.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.883404710343636
          Encrypted:false
          SSDEEP:
          MD5:175776C56A8D318E55CF7FE68385F2ED
          SHA1:35241DE0628C1F073B82A9D299DF9029C6AC21D5
          SHA-256:26C65DB5D573209CE95C6697615B456CA4F1866086266601CCFA1379165F5D6B
          SHA-512:3F89586CA4B4824B18388F570F693CB5979B73FE0687ECAB3ADAA52A29AC3AF066DBBF26EF96B494EE59865F579E4EF903957F3B1353DB5E0BC998A83187B2D8
          Malicious:false
          Reputation:low
          Preview:=.._%J....r.....bbb..n*m`].S.9qV..}...!.9....K.Q..K;.*.e...uu*Qns3...D.+.g.b.l<G...Fi=E..?.eh..J.%.5B..gy..j*....2.l#=...5@x.z..h,.I.^........K.......0.~....P........~&. ......i.I........,.9.2....iC..].|...H...eE...G.19.].}G..p;.# ]..0...*qN..o.1`...r.....^.5..^.8.`(I..u...........y.....c...':...U......Y._...TA.^....R0....o.:....e....>....0.#.6.w.Qtj.......X.O/B18..mY.h......'.<J.Y..@iU+..1...S..-'{.=H.N=.3...f.9DM.a.ty..7.[...=.;[:..<.&....$.kV^..p..IC.a.. ......*H]....]y?.'...W.%...t8i.A{..J.......,Ca ...x..6...;..G...9..".o.3........F)v..|.P./...../)......<F..@.b.....t~...U^....g.U++]sQk.....*....@..'...9..j...L...`.%..L.....~.y5E..Tm.(....6.k.k...W.l..-<..D..d.&d2...A......x.G.".yQ....t.(...oU.S......QyP..+.0(z!_..[.^.Y..S...!."..........v[.S....YU8oc_W0...\i.n...;q.\..?,.F........5d...k.0W.0Szld.+....tzj^t.9......I.rG......7.}.J......./r..H6.....I^..o.;S.i..&.Qz.4.ur.l.yj.Z...R4.s.{.....xw..=......4.......D..1>...K.(m..(.<&.-'..

          C:\Users\user\Documents\TQDFJHPUIU.xlsx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.888222717740189
          Encrypted:false
          SSDEEP:
          MD5:D172BE4A3960C50EED5158E8008D1DF8
          SHA1:D25D31B54C5E093908270FC35ABD6B1D891D1714
          SHA-256:8ECB08BAAE099073209AA7667D92EAB7970CC0735A72167831F2840B6C51448B
          SHA-512:E0327D2D435AAB4A6AF71B7FDEF6B06D59EA7D9B16681384E19ECD76A20C4927C270FD8CF44A4A5108B3B71EF710BA66E9BD29A5C9B836BDC95E95D0A0AE94EB
          Malicious:false
          Reputation:low
          Preview:.jvQ..O.c...!..!e<.j..i...5.4-........y.........t.%S......n.m..U:...XO0.Y.Y..h..]....6`M.c..3.1~...B..Kl...-R...x.u..D......4A.-.@,....$Z....n..!..^>.....!3.=...b]....Bx..[...@....f.1..*.x...e..h.7+..5-G._...S..L......BY)...l....^C.K./..,...b.i~.....q.N>.aa..Z.bcb..5...g=.......c...P.K.*>.X..iJ.J..-<...m`.r..>..e..4..].y..3#.T...=..<<.<G.M&\#<A....[%.>.l2.6...;+.....?....6X.*.....b.p?.2Y>Y..m.kb.....`K.K....v..!..z....%.q-....mar.&..!@....$....=|,.IC:.......K...o.-O.u.=.@.>..2?`.....g.F..cQ...d.#ht.3.P.{...z.]].._.....x..0....u..".f...^"..'.7G...&....8..&.A.)B.Jo.^..9....F....+....U.:..r...j...?...Z...f..1.c.Z$...eU..g...i.s.]].1z.tz.....<.K1.n+b.....k....x....c..6..E.B).`.H..Y...%d..}..`z.}.+.._..N.+-.~U..J...*r..mB..!)8.O0{f..4{b5]..J..Q:.u.h.b...S.,...f......2\.8....7..%.....B/...w..[.:.......M..b.N/..')(h.g..d.$.F..P4.E...*..k.{%....O...{..=.W_Y..j...R.g...5..29}....U.........1...x....#.W......I..1....o.....D..}.R..e+......{...

          C:\Users\user\Documents\UNKRLCVOHV.jpg.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:OpenPGP Public Key
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.849987472353972
          Encrypted:false
          SSDEEP:
          MD5:C73A27B0B2A61C9F44F01901BA661BB8
          SHA1:DB4C016FD21C373510DA3135076388EB124A3833
          SHA-256:52F9F53807481A5E9E6E4C2B742B73D196834CE25B622AC643542FFBCD1E3902
          SHA-512:5A237956BC504D7F6B92D9272CAE56B45C2DB9D8F617BB8F4E0064A752BA1EABEB90FA26996CB6C3908BA090CA6503C0C10DCB98C466ED8FDB553D01C378F021
          Malicious:false
          Reputation:low
          Preview:..I...z+..8......M{n..vj.1%...h{.'kE.q..X8X...O.O.c.....[#(...X.~..v.*6:.-....#..8Y.3.[.kQ.pD .........Z.crO....[,.dV%....v%?.Z.t+....y.y.a.....Q.;..3.=4o@-.3.+..H..i.....b......G.[..F..fHG.XY..E..3.;..;{..cLH..i...9.A..2.l...e...2V.X-.2..Gh`..2..[R..0..|hl1..@hH..{/?..b..t.o....AA.iy4.X.......}.Df......r..Y......rfY..r..F?b.B.@......W).....h.+C...?.Ao...B4../.>.4....2.(...4.@.JZ.S.C.1L...Fa.7.W.a.QUI..S&.Vi..H......A.w....g.).Hr...IuC@&....G..M....>:...U@\..._..".....1x5..g>.R..C..3...5.....x[.....V2......X)#..^..k.kr#...W....t..g..M..).V..j..f...#.......a..[......IfLJ..e.I.}.7}D.4z..U...........Er...[..b..u2B..hC.c...i.]E.L.X.4..SP.......&..s..v&.'a.h;@....A40..}5n..ip......xz....L=*...W..d....fV...Ld.....o.....~.Y...."...=5.TiZY..-.....". &c..]..xT;1..w,..<.R..<7.........K..U0..v....:}......?...t..,...]..BJ."..-.:.OmA"..8*'...l.-...lz.....t.]G.fpx.b....A..O4.^....6..?`.Jd.....pFY....74..">...Jr...._...P..f.....^h..).......4.2a...g.6...g.o....mvo

          C:\Users\user\Documents\UNKRLCVOHV.mp3.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.867697606132548
          Encrypted:false
          SSDEEP:
          MD5:1E4621A45A331DA7C193D489DC14EEF0
          SHA1:9D8770D4536D834E4DE0CEC731C999AD90BC6B0F
          SHA-256:748829AE6C8B08F173C80A52DB3AC5F84F7EF43494CEAC6F43B9784ECFF3EF4B
          SHA-512:7B3969FCA1814B69E2E156B1A746BD807E8545C37FDCE982BDC9500DEF5C294E737989B3F8F4A3320D0C5692E4A6AE1622F37D26B765717B7E6E38391337B0A2
          Malicious:false
          Reputation:low
          Preview:}.Z.\...PI..f.y.......c...1.."&...{....3..@*.....6#.^GVqW.8.......r.U..y.t~..Y.3......b..,.v..qF.[V.V...YH.._B..!ZF..f....(.%t..e..D.Z.7.......K....+u.........$.w..&....2.^..2. ..y.._C0.TVtwG#.J....l.z.^%j.\.6..Kvn.P..y.....-..X.._T...S.Q..Y.}l&Nn.....[q.YNm..y"5..'..c;a}.f..M...6)*;....7.-....?.......\.C..A.}....\..}..;..k.._.t.?...|6..IsOF.a(....SI..D(.Y..\1.........z...Z.,q!....P+.l(.8t|_...Q.........-..M....k.'.5O.Bl......]..#..e.rq....,.;...K7.D.AK.r.X....&~!.../o..h..c..3KHM.{.|..A.zm.E..=...y.!..2.E.lH".=s..C...!.K.......Lj!.3c.2..F..s.7n.3D...;..../f..$....OJ....k'R.=.."T..BN..<.....z.....v...A.z.....h.9.......Z...N....W.:.p.W.cSB.(.q........u.&>.....e.{.~..A....D...~i.....:.@..U.)#4..Al%.1'g%..{.m.*........."Y...j.r...\TkKdd..4.[m..o....7:r...C.......8..=...lAm.L.J... .`m.....$..'....f.#E\.....G..%.....f.&..c....i.Z=.*.......-t.Y`8u$.].xv.q........\R2.h.I.a3....>G..l.......*.IZ2....G.C..~...DO.||...J.1.!eM...Es|.w.......W.6..

          C:\Users\user\Documents\WSHEJMDVQC.mp3.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.883451617985511
          Encrypted:false
          SSDEEP:
          MD5:8DA4817FA931DAF523A711A6BF31C0CD
          SHA1:735B96C5C524C10579C753D206C1D83E15C2A77C
          SHA-256:6B213192657D8D98329D47DC985994B1CA8BE71B305CC84648C32009C4161801
          SHA-512:801B7E49CEF22E09BA3B2DB979FE6323C04C9288CEC02D523B6A2D7C4B44BB94ECF33969F293D689B4DB1A845FEA770C28ACDD11DA565CDC236E4EE0B31AFB85
          Malicious:false
          Reputation:low
          Preview:=,.P....<.s..X.......K.j.7G..j....c'...}..{A.b.H&g.v...J..HC.P.oJ...u8XN.vH.a.xn..i.As.....e"...=(...T......4R.S....7......Q..ZQ..P..7e.,"wB,;2NY....qD.-..P.`..........:.}1...E...K....&Y.=....0(..1....d.....P<.9f.._S(x.W.q.)bJ.NLSP-...o.5|...'.E.f>>...Z...Q.Gv....m-3D..x.s..I......@.Ym)&|..,..9C..`.7.)..1.'Z...|...i.TE:.A..d%.Z-OfYJ....c.F.....3..........v...9....... (aG.@u;m.V.+. _...%...."......q..j{..m......|.s...X.......L.\.*......A..A.MX.w..3..;.0...0..k.......p..:."....C........~.....uz/.^.+.C...8..+.F. Q\~.......==.u..\.P.0....Z.'\.=D........G..../...c....T.*.*5.B...U.r>.I...]0.~Rz..6... ....+..{...a!...lh..v@.j-8A7<.x.....Ua.&.......V..?.Z.%...P..?.9.....5Ef^...g$~.K...[..GX....h.Tp....L..sw.a.7.|.._.).....rC.T.:!..o..8..W...6<.M.4./..@.t&...j.p.p.+<...<..%....U.~3.........qg.><.!...{..VU.7.iz....t.....<..k.<P..Ym.&..0..&N-...[s.....1.."T,..K....4..............6Z...5...z..<!....8.=..@.*t.A.V.....O.....V.Z....O.k._=..gx...T..12..

          C:\Users\user\Documents\ZIPXYXWIOY.jpg.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.86254210166756
          Encrypted:false
          SSDEEP:
          MD5:529CA9D2AA88906F85FBCE4AB8497BF3
          SHA1:1992B98B35D33639544E378FB35403B2B66B8BF5
          SHA-256:3420FAD49059D48D0FB73C312349BAFBD8CAAFB18019AE14202E7D57AA56D8DC
          SHA-512:4647A5DAEF1CC97FEDA6703B082A96B52F7BE145B870939FB009016A920E6C0FEA9D36BA1E6EBBEF8E7C987EFBDC885C8A0F6EAD62311E0CA5D4032F3A4F0FBF
          Malicious:false
          Reputation:low
          Preview:.......E..d5../.".@(7.j.O.O.y.P.Q.>[I<...$....$&T.d.d.Ap...[#.n.z.......E.}}.J..v..w.-#G..g..Q....q^.&;.....#t>q......k~.........'.Kj..J)".....v...?n.C`+a.,nx...b.G=K./;....<.....n.Q........on.?.../.y..~..d{.w.g.Ts.....j@y*...?|v.......T.-.~.r.n=.b.QJ[.-..$..T6B.D..\n[.M...I....e..z...N..tnx)5..D...em.6J>g.".cZ.....6w.B.Q..Q..Z.0...p.e.2.j'..f.....Q.bQ..?\3.c.S_.nkFM./^..EM3........?....H..H.u..{...\o(..m..............?..=..UQ.{>..$...{tB.h..x....[...s.<P...*V............Q`#...0..w*e...g.Hx.....H.uZ.@....nw0p7+...;..J........._.$..h<7...b...>(..8p...)oQ....U*.w[H".S=)......<+...Q....0..S...t.O.1..]..s,..&F....L%......z..U.....}....x.r..........=...EC_.[.I...I..p.#..M....P.@}..x.!=F......Z..y/n[...,..v.P".X:..^#....c....."uv...{....q'm.<.>..B....vO#...}..1.^....tN.Q.<od#.Y..~2..?....5.2?.I'xT.]M...=l..\...>...OZF...y.[....<:GQ.uO....Iq@..F....(.....O.A'}...u."<..#..[....R.J..6..gn..l..5p..........[.mk..FC.t.............X.k.v.s..T...kIy..Z

          C:\Users\user\Documents\desktop.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):944
          Entropy (8bit):7.793118264757692
          Encrypted:false
          SSDEEP:
          MD5:E14DA94204192EA5A6A7BD3876930E43
          SHA1:9DACFF67B0AF4A98D03B5F705BD15215D9251FAB
          SHA-256:08E08D9B181A9225E44A2CF24E623784E93EE21075B63FE6F31568C9E81DE4E9
          SHA-512:FF98A196D3C5FB6EC8B94D28288BFA4EA06B3FE29FA48508FAB3DE3CE955258166A140E2FD770B304217972A03843E4E85635A62EB6B3BF49776F6E4907EBBC9
          Malicious:false
          Reputation:low
          Preview:.q...C...<:.....'..`..^?.b.........$GF.K,.B....u..z....F..H..LPW.g"......:..@..Kf...2....."..n..,...#.PQy>1Bp..W~.K.*.X.....+.. _..".......&...I=...R....rB.!9m..#.....~.+.j.MB.HOb.Na...j....~?...~..Q.......A....f.....$...Cz.M[.l..i...8^....UJ./m.lgi...bS......5L...?..y...q...Vi.b@...U.j4..U...mw...._.8.Q_YY^.-7{...Q.;...n..os!n.X7H1..bA.:.<..~R....:..*...N...X.X1.-....b..}.<$m'[.'...?=B/..-.......a3...gfo........l..../....7`.X.p..Q.VF..9.&c......9.....55z..G.E..^B..<7...*..a....di]/U..1. <C..L.d..v...M.KW..W. .l..5>.7....!..*\.,Lc.OO........t.......>/....n.%.E.{.+..0.K.n...-.>V...~)t.z|..,.mR...7.B)....x.Z@.;1.$C....3.t...B...j..........2P'j..E.p..,?.F.x0.r{....*..L...elf.....->D.y.-R.I...=......'..hA..%.X....F.n..j....@.............T.e.!x..T.f...OZ.h.X.YZ..8,..'.....Z....>..#.....%~[.f.d.....QTK...6....C|.bU.h...G.P.`?..Y...C.....>..i.o>eEy......f4.P.e(Qe.ri.N@B........d.......

          C:\Users\user\Downloads\CZQKSDDMWR.png.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.884467380522948
          Encrypted:false
          SSDEEP:
          MD5:0024C95CFCEBEA58A70FCF3F1834BE03
          SHA1:420357D809BCBC957ED5430C459437678FBC4371
          SHA-256:5C32412E20387501A14065DC994F3169211D542D609701DA30B2A5CA08BEF50A
          SHA-512:7C75F594655E6A3DC6C6CECFC9506B8AE8A6275AAC815B12D0F977765D31312F3FFE296320DF1AD7EFE1072CC2C28E0F1BACE809CDB34B1A8E80A501359B847B
          Malicious:false
          Reputation:low
          Preview:..L.V...)*.........*"..!Y.T.......4#.r....).mQ.s...[.TL. d....y#u.d.....a.....6C......K3.... ..y1.z....*...o..P.f.#...`0.p&...H.#.q.:./:."l.X.V.~.$...y.oN..ke.....Y.....y...o.....U....6..S.!a,e.[.....P.g.0..K.........3`.b.F@.N..8...=N.Q.pb.._....o...i.......I.B..g..... ..NkO......|*D/P.....9. .z\9.7..e..L.....j.-.}..cE..;KH6.....5...r.T..9.\......n..R.c.. ..@.c..~.1..-..43^......Y.a9...*..v...[.<g".......c..&..A.>.4..n~.....)...0.....B.C.`F7.).2...}.me.G..]T"Lu.Ph......w....e4x...B;.....v..?.b.7..|.\.=...u.{i..44c.s...d...' -...T&...T.j........hc....Q.V!fj....>...6....Y<.2..|/......i.uM.%.*...}@.....bM..[...M."...mg.W.].P..e....Wg.z.~............ Nk...I._....J.._....UoAd{%v.3.}...9...t.G..F=:6.`*.......\..jh.!g1`.\`.[........|...'.e.+%...T.a..A..R...+..5\n.ir-.#.7..........r.*....RZ..,.?O.....Aq@.z3k...z.QE...[_.e..]....:e=mHp:r.v.&e[....$....qdj.f.0...H...E8.F.QV.x.,p?.)MX...J..5...~..W.....A;;....wm..d..Q/....p..{.0...,...."#.e

          C:\Users\user\Downloads\EIVQSAOTAQ.docx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.886334981816759
          Encrypted:false
          SSDEEP:
          MD5:4072B12242AE52B14336387AA3D04B90
          SHA1:DBADB69F53CFD34DDDF62C7359EAE3C516D4C7B0
          SHA-256:1A0918944ADF21E671CF687388B9466BEC8D037E68276263C0069357435A39AF
          SHA-512:54BC15D64903D01C0B34DD3DD63999B731B23F8F6B0200D176C6F29F436A3D4EA89CEB6CC5B0D1100C91440920833AA764E07C01B8A469C77E48E741F625E99B
          Malicious:false
          Reputation:low
          Preview:C^nU^]|..m.yG...}.....`h.Z.J.A5b..z...EvE.=."5;n...?)".}.3..4.M#";.../..(.3R........3"..ewGu...'&. ...0. .tw.G,P..5..k..k...o]..qq1...6.E0^5.d...%D...?.._r.........@........L.5R..t1..c}Yh.H...]+dO."...Q..%......z...&.~.H..=.Vv...8.y..4"...D{.J}D0.6.0..7......H..UW.D...%..=...O.....7^....q.E.Y...&.|.....?.x..0\z..!>%r........6......B...;..W......j..:.5#B.rW}.Ag'&.k....B._.l09.<.....!...`....!m....>)..O.0uo.....:@...I(.Yn%?(.6.j.|.....*..5...ws....7V0T..7x.G.kn.s.[Y9#8f.....-N~..3J... B..T.....$.....u;X.....-vM:.`"._H.b..8.+..<....0)2E.4.N.6....U+..F...h..?..1.<...]..:.v......m.. T.7..V*..[?........'...!.iZ.K.....;Bli.......&.W.Y..BW........m.}.+.4....1.5oh.4;.(.......7y%f,....hEp.Z&.?.....X+.(....!ug.o..Kt..j.c.o^^:./la.X.'@..P..8...Y.h.mA.../.......!...-=*C_.k....iE.....~..s.Y...|Xk.q'!.{t..;.....~M..u-.1.7...8.`'.G"OGc..:0.^.)>4...A A..1....+)r...i...v.Hv......+!......}f..E..3.`.O.S.4........G..[6.2a'......o0..%....e..1.?.h.8T...u.*Z.A..)t.7.

          C:\Users\user\Downloads\EWZCVGNOWT.xlsx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.870140212038151
          Encrypted:false
          SSDEEP:
          MD5:2207822A1B0573B6B2898AA47F0D0EB8
          SHA1:B319D9A0BF5F4459E538A4B9C1C3DF8D72CE045E
          SHA-256:CABA88E6820D8296329284F4D59C527531BC3ED9C7BDF5418E94E0E3CCE51488
          SHA-512:E717981CC9A6311415A66B26858FD9B236E43F00DC688DC41F60B30757A14B67443A2CB57BB16F4F0F1AC607DA38703E92EDFAF5E58FF92A96567B963B360BF1
          Malicious:false
          Reputation:low
          Preview:...Df.#h.+\.E.."..?..x.'..|..d5=C.S9.tM..P...M/eq.Y.r8...b....J.g..+...Z.......=..X......3.....!.\..M..t..t..]... .'..|G...6..u|.....6...hY......(.;....V..S8.L`.!.....{.....'e.&zn.d.{:.;...!........S....m..h..$WM..</.]2...zW]6.E6_o"kI..l......\......Eu..u...p#....|.`.T.7<..f..L.pj......Y.h..>.C..!.Z.l.U,.k..~y...3?..9.M.....l*...et..//xQ...'&$...Afk{....+].yx.T.P./....W./.tN7...jY.f.1.?...~.:...P...\]..p.,.E..zY..%'.p...mc.g..-.1S......U..I.F...m..>Eh..I.. Q.cE..DW.V...1A....N_`,e".I..x.HC..y..RE.2.YbB..r._.......3.F..[..j(...s(LZ.C"..@..C...F...nW.K.~.oh.0$...y:.P...$.a..].x........f.....(..L..O...MoA-.f...8.VkQ.<&.@.X..d\.E..Z..q^.......5.Z$.~4....3nE.O.#.....[..}f+.s.:..u..^...D.%6.WI.......w-..g1....<1.^....8...)$.l.S!%R^yB..B...!*`.48...b.S...1T.I15%.....$.BN).B..3X......BGzE.......`..zF5.4\R"......p....pa{.}E.....y5.....}S.n&..v_]!...N:&....T.Y@CK...g.".G....KfB..H._..F......k.1...........WpC..2Ki..s.4q8..V..B.....

          C:\Users\user\Downloads\GIGIYTFFYT.docx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.8573076615674875
          Encrypted:false
          SSDEEP:
          MD5:74AB2345232EB123F1D8EC4C9F14F895
          SHA1:3E1C068B868CEB44D5CF17BFB9B8618ED8B11AE2
          SHA-256:D7122B189844FFAFD47CD07A61C606DE5C7E46276B9F8775931BC668BCA15C46
          SHA-512:6C76621D37932E04664A48BA2D2F19B8039F0AFF250BD7D409C46AAB0D91DC24B417A75ED0C47CE6740E9C043722CA159F30A40A28CEB64F5461352B81CE9F04
          Malicious:false
          Reputation:low
          Preview:..."jOd.".......S....."E.n.|#.z..5..7..Cv...-.C.N.O..qY..O{.{...q$.p.X[.....{.*..@.......0Ud.TU..8... ......wc.r3.. X.1.../_..\.T.W.;.WL.._....6.E..1..5.].&..R.9^GvP.......%....c.. (..j.G4...... ...v.[T..ztHp.....a.:n..._.-/..4v.....L..R.A..Byj.}..h.Y=z3...3....HJ....s[ 8...U.q.E]jr.?z.:i.......+. ..jU.!I..r.]p...S....zH.H.q.i....%.I.5.. 20...X..............M<.....^zdw...N.;5.8./.%....I.....R..=wTe|..%....m..9`e~...TB~\.m..l....C.:.r..06,4,..'.u./9.Yd..3:Bj..H........gl..y3...../>2-.W..._`\\h..........s%CD.....X.?..P].:.A=.Yk.......k.c.p.K..z..........f_.EU.....Q.0...h.J.....4.8hF.moX..VS.@.5......D(.u.u.:.<...Z..........".$...m.y).*.YU...z..6S.t.?...Z..3...5.u..P.%..Y.qY.z.f.1.2.....Bi !...q..=......n].s....?.X.Ph .9...k..R.....Z..*.].1.t.....)....3..Q........m.tj.i........?.U.$H.)....w..Vzl,+.....l.H....4'../4?....NL;s......'H.......B.3lD...;Vg\ba..`...R..}EC.Gy$r..s.........A.g.JY.C.`..$...%0.!>_*V.#![.%..0H.N..(cX...T/.k0V.zhV.t......>.&..w

          C:\Users\user\Downloads\GIGIYTFFYT.pdf.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.86348582105735
          Encrypted:false
          SSDEEP:
          MD5:17ED4C83EB8A888E3C59DFCDB7EB4865
          SHA1:BC6384F5A890BFCB00FC31BEB4B08EA2E236E099
          SHA-256:C1809335BDEE4CC45947ECE2DF6E46A0A580BDBE323B7AE8DC44D8EA4E193F2F
          SHA-512:362F4E5234E050DED71BA41C370C56C7164E782E9C3B4D9A3A8C192E47DE050A8931A80A73A288D9F0C96878A884094E00F9A7470BBF3D99C0C97299C1460C41
          Malicious:false
          Reputation:low
          Preview:...1..........O.../.P].V...fc..Y.j......J~tz.I[..x,.G.O^...ug.....j?..........W.5.0f\AF..:...c.....D...z$g'..sx.a...z...;.l..P0Fe...~7X..V..5{..h. .#...[0.G~..Y./......a...h.7.."..&.N.b.>......_...}....8...3..6....I.D.]..*...v.V.L.N...v......|...K.z...W...L.S...O..d.P..'...Y.....[..d.[.).....L.M..[..WJ..g.Bz...%H.7h..(,.E......69.. .3M...3..^.....tH..x..."..t`.&i...4TS.Z.m..6)Hk....-..T....f......8S...t..._v.,Mr.j.-..P.n.S].s..E..Nr[;..H.b.....C......Q.?.... 7..{#.....<...:.%.s.k..^.u.....XI..I.........dn8.e.B../..<..T.c/;.{...r.,....f.,G......h..T...v#..FV.G.%.Na.c....Z....*....pi\..[.^.S..uMx.&.J.s...:..@.>..T0,...%.p..PN&....9F..sIe....+.^EI..>..s.I....l../..f.Z.EIVm:...S.....[.K|....u...1...C.....M.."...m........wrU..t.r..3.....q.+v..n.....^...-+.#.......=n.p[Nz........(.+.f......Uvg...HQ......_....z."...h...}>H+.k....j.3.q!..[A:..r..}.=~.C....F.....[Q....{..x..z...l ...P)...B6..UL....m*.....<v.&E.a7.3Kf.2......y.I.._...&h.{..>.8.....\<04....

          C:\Users\user\Downloads\HMPPSXQPQV.png.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.8921061545895865
          Encrypted:false
          SSDEEP:
          MD5:C7FC18E8013DF2A5271002C2B69BCD24
          SHA1:361A5C752DEBAB536B3A80B5781EDEF029443745
          SHA-256:8328DAB8A7B1D2DD3D6BD0CB5417AB15DC5BE88AE96E1ADE2B04EDEE29F2D4F3
          SHA-512:183F34353D810C4ED4F4D29ED584E693864EB3F7992D3B0DB0EB0D7F1CCFCD602F5B41E3427FD23491495A18FF74A1DD0CE98B795730F5648391C74DE390FC8D
          Malicious:false
          Reputation:low
          Preview:..|&...ei...H.PR..Z...f~...E!-.6.G....N.t..t...<.(.......^....6u..E...4[....6V..@..G.Yg...<%..A.uoK..a.}...0..Y.2w...D=...B&.c..sF......U.|..}....,....YX.u.Y...e'...n..<ZW.B..#{0.....h._H.yD^.ID.Q.._$.#3....m;.J."...}..z...4...]!nf&...=..X..~...tP..B.).gM.{1....Q..j;.>.e....f;.%..C.......V.Z....K...>5.=}...+\>d....`L..a[f..S>#J.H.=..%.....M....!t.e!1....o._....?..A.....bv.N6.7..E.\.O<...p..:............e.`MR.R..)4W.5ps.........O....K(.|<0..9...@k.7.gQ[+.u..'..N.=#..w.D...g.#sD(.s5R0J.O[....%e.(..w......8...a.`.].5D7.^H.z......zs.......#.`.......(Q]2.n.q...q.!.;..2Ys..y...Y...|~m.&8...^>....f..U.{.8........v...9.r.(X`?....q..I..p.:.6k......9..sg.N. ].M.%...'......b@M....2&x.B>hD*>.oD....V1ij.}K..h...%.s$.......7..vs.y...k=.a.V......4.....].".....<O.ubd....5d./.....`~..j.i`C..M9....7.dY$...l.j..|.-].....Dc)...=.....l-.l..?.U.u%7...20...@.V./.J... ..g.t..w .........?Mh`..8Q.....;...|2>.7...{'..:...L..A.........J&9..5..o.'.?..z}K.....H.EF.Cf*.%.

          C:\Users\user\Downloads\JDDHMPCDUJ.mp3.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.865473229108427
          Encrypted:false
          SSDEEP:
          MD5:46E8823C98EED828191CB5CC1A4AC9E9
          SHA1:8C33F54F8752AE325F3B6E51D5C44C6EDFBF0793
          SHA-256:BD2A396FADF961816ACEE0EA6D3BE3BC8D9417B08BB64A4A0EA846D8DBAE784D
          SHA-512:872826E7CC185CF41F41248266AF31DD6844BCBDA6C176AE6B1CFE174296F72B66071D4C23A4FF6CDEAFDEB4FB5C165EF33372C6BF8811935B9DFFE5842DB787
          Malicious:false
          Reputation:low
          Preview:...#.H.._nf.j.O.]?og.M.........Y.4....V3....wW._.LV..N.._...u...}1..^...#..R..T/,._...N.AU3.J../.8..Q......9..mKn/.:.>...\VY......./..../.......U..{DL.M..Fq..+..O...-:...F..V...5....B?....{2Z..H..d$9.(.u.~ .N....{....=.D.i .'.R..........>,..(.{..!A.;8......<.G..E?...uX..-....R.z.0.... ......[.8.....22.=.QG.rU..C...%.N...X.D..);..B.*z......W..4..y*x...R......'.........\.@..$S.e5z...7.J7.SM......K.L.v\T.,H.@..3^....WJ...~.8.K.P.......*.p.........i..L...h..>.oI ....h..A.Vs$bd......f.l...[.......*.,T......../v.K...S..ERi}U.:.rb..0:.......2.....N.1....k....aV.N..0.wW.....:.$.$-.....y.E.....<>.\....G...i.!.v.H.d.cF......,s..8{.=..sn.9.N9j.H.`..........[.B.CWB..eM.....=.U=.;...Mg..........`4..&....Y.._ .?[I....,f...z6..e.f....gy...N......Y....1..Y.*.=:.Q..kJ............_Z%....{.<!vR...hZ^..1.$.M..^TX.j,.QC..S/J....L...QA..-QP.%9OIc..:.............BV.B.e.q..J..4$c....%E..R,c.p)j...^...?(....... ......ee...H......p....N.>.l....

          C:\Users\user\Downloads\KLIZUSIQEN.docx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.865262456656688
          Encrypted:false
          SSDEEP:
          MD5:72BEF72BC56BAFD3F082079AA2CAC2CE
          SHA1:B7DDDBAEBC3A814309624DAA6DBB0C9A1BB1469B
          SHA-256:14C6E7D5B7ABB2FB1BD32AA278CC2E88D846D9E657123094DED5462F19D0E90C
          SHA-512:0CFBCEE98E3A9100B5320BF1057F0B23213B956E6B5318D50D2CAB20CAD7AACDC7CB4B4C728E4D328A44EBA9C0C1FFCE8AA661FDF2239C0AAE63D19E3737233E
          Malicious:false
          Reputation:low
          Preview:. ........Kg.I...b..!S.3.S[4.;.)Y$..WVJ*.X.P..s....v...g.b.N....&i...FD..!R...L)T.<. .(]..|...v..5e...y._...t$..FHc.R..v.7..e..;.*..u]4@..Kb....c..XY..I.1...Q..S>}j?.!M..V.A...7R.@"c.....e..F;..+.iE.......R.,G.+.h...Vg.J.$nj.p.:....@3/L.....r;.....J..p.2s.m...4..... .d.;..).[7..#..'...nF.rnoW.F..P..}`p..W.mw.9..~lN...w..G.4.....G..a.M9..K..=t ....RO.*..>E..1.K..<u...7EB2XKK.=....<Br..x....k...........W...OV.Qo/Y.:.l1F........D..[v...#.7HP.C....5 .Nf..y......Th.4.h~sl....q.@..=@..:iO..s%.NY$w.@....Q.j......:.g.#...1...b.r`..T...Ur.....3.dG.23.h..9.u.........)M..~_D~34,.lN/.....S.{.....vJ......N.x.P.....`. ..4Ka.~Y..h_.b...r[.X2.4........H.y....).........7E..<.....mF...b.".93.......Jtc~..........{n.TtY.D\.[n..rQ*....D....0.~X..R..J.}.....jy..%....q.I.L...A..y.8j.CfdyH.K..l..Bd..V/.LG..P~{,..p9.G..L..Q.Z,~R...b..8.....$.,........8.$.}t..5.;.2Y[n...C<F...,.a.........D.=...t]...%..7 .7...$..,G._.uh_..X_...0.......n.o7.u....d<.....J.....z9..~..-

          C:\Users\user\Downloads\KLIZUSIQEN.jpg.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.869317567895743
          Encrypted:false
          SSDEEP:
          MD5:6BFCA27B499A4DAB769C4539EF23E2C4
          SHA1:91DBA7D672855E6804FF42062EA6A8C82A68365A
          SHA-256:6065E5DD87CABDCAD164FBA0C4EC2AD4850BEF7B36892C891E4EDFDAFCA889F7
          SHA-512:CD1F3EBAAB6BA1D712BB3ECF68406F5D153A23A28DB77686FC9086A6E2A3C19F5AE07F623FEC5BD3A377919EF651E359A5EAC2A2074F2DBA6046E075143C4AF2
          Malicious:false
          Reputation:low
          Preview:.I.t.e.........'....g.C.@...X..4.<....f.d..?._.....7^..w:.....2..&-.X....fGu.F.G.=..s..`@..]...0..(6.._....L..7,vw^>..:..........n>.hh.oA .)<.>...c.]>P.).\..p....Nb...X.p+...{....gP......+`M....^.31..L[..>......l.!.....c.....nRD3..!c...i\.a..........Ze`x..l.v...63A..K<...$.....V..._U8....P.[~.g3...l..>.W.)..........!...}..mT..}.O7X.<O.!.s.,..h....Q.^;.K......U.q.S..W...,.....w.V..i. ..N.0.K.. ._j.Q.?....^.....!c..K)......U....\B?...@.JvF{mC.)K.n..,O.|.....*....t,...0.........&......&.8........b..... .-.....x......O.t.I...P.(.........X.MF.$,).6........P..6v..6Z}(b..W..$.1..wg...D.......-..ot..._.~...F...S.v..2..`gaC5../...s}A.....2./*O..?t.+..|.x.;\.Z..5........i..o..?...k..f.A... .D.OS..).T.....E..F.C!...g.Hfi.9.3.V/{...V.0`,H..s..E.F..k..Q.x.idkf..V.7`.:W..t......o......+...jJ...2......JX....o.TE!........fWh..V..`6..#j...5;o.......#4..Q~N....)..\.....i.I.p........../.9.<yuCq"Q ..5.s..d&.UW..<B...+...{}>..D..t.6..o...l`...c!i

          C:\Users\user\Downloads\NWCXBPIUYI.pdf.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.86152045743863
          Encrypted:false
          SSDEEP:
          MD5:6D82D5608734F4334F6B765B988C2CAB
          SHA1:C6DE6077BB6E6AFBDF8331BF5D4D1A3106CAB40C
          SHA-256:012DEDC233F3548128024309CAFC4B191406661AD6429038E90269A14B177D1C
          SHA-512:C898294F1107BB3563C1846DAE6247BFD810D0EB532BA3D99003C9DB7B6C0C3AB04545080164A35D3C618D955D1DD3AE0C5E042CF254FB8329E12172DE8E5B85
          Malicious:false
          Reputation:low
          Preview:....nj.t[..|......IX.dZ.`.[./k.q.l.t..%....Q.......b.Q.Q.....*.......oIOO.}z..`.....:Ym....f...t>..........W..l..+.v@..R.{{...X...n.K^rO.H..|S.v.,...o.B.x.'.........v..Q...@]d..?Eg.tc...,.s.L[1..la...cto.....1....9..DK.f.Csv..N!@.....r.C{.|+.....uf...9c!..WZ{i.5.g.N..^.K...q.["....X.e*d.....A...of....[.j.......5)cxga...w%!..cr.J.y..}..f...|...e..V...|&KN2puq...`b/.....$...8.:.#Ub.[..l.....g....}...cU.~.D?...;i..^.F..3........a.Y..l.&m.bQ.#n./hg&..5.S\..^.hN....W....IH......R...n~.jh..-;.]..(V@sCm7......<.`.....'5.....cB.....[.eB.~Q.^...a....-.m.vy......?.3".2..[p...?3....W7....,.Z...m.Z_..O..{.....K 0....n..S.."..0bu.=7S.%&\.|P.Wm/i@.....K#...a.....-v.Go.. m..i..u....m.D6...8N.m6.J.i...J'm0..U{.......M..........~.T.p.c.O.W....l.D*.i...,NzX..B..V..&..H..u..&.,.........n........b.|..W....8g(...#....+....E.s.B....k.X.].-....G.i.Pa{.h... !...2{..Ga..1..Y.3...Q...F.....J.^\.$.^....2..J.C<.<RM.SZi....q...n.+.m..........?.`qFD.Pxo..

          C:\Users\user\Downloads\QCOILOQIKC.pdf.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.867892703980957
          Encrypted:false
          SSDEEP:
          MD5:CD117087055AC0FF07F8F5EC9965F239
          SHA1:5DECEC2799F6741AA88BF44FC5B87CA8A14AE732
          SHA-256:B67ED419089E4C14ABDEF3602403D485EBD775866312C68F97B076EB5BFAD317
          SHA-512:E9D91C7CA2CE9BF6DD801F51986795CB6AAD9516EF4585A0F271011DA361BD8A29A91B393476E678F9F6C64EA0A84C12594ACEA3034CF52B1DDB1565C194AEFA
          Malicious:false
          Reputation:low
          Preview:...s.....`.+...)Z..........|. ..s5g.7'.]..z.oSu..S.....<YQ...KCJ.Y.G...3d.:...r..p...;.J.%u...r.zf.Q5(.......WE.3..0J="$...U.B.L\....w3>v..\.37.a.e.W..w..$.a.._..d..]..|f.z.+..Mq....TxJ. _D...............1....R}&....e<._..~...I9&..PM.. Q7.o.<.....I...U...K......E.g]r...G.. $$.|......J...@.4....x4"...U.Hm.."{...?..3..$k.....-.d.....+:..K.N....[.g.h......[s...{g....i....G..L...Om.W.:...F.gD..qO.l.~.>......\;.x.9r...F...@*tWh.X........DO....?.VS....m.].8..o"tv.B...1.d3.....YQ..%.........l.c...^N.j..&WW..o.M3h.,.&......1h.}.."..g.e....M...+...f.s5..s..Jc.V.[..F...'...9i.D....I.4..$.@..]A.>..4..'8jcI....N.R.....()u.`...s.k...0.Z...K.m..I....$)L..(....c.l...yN..0qG....H.q.......C:.H..N2vw.T.....b.....#P.7.L.#(Qx.D..ZT.L.Q.g..R..f...B.U...5}.. .k2.l..Dn.B....{((.J?..O...z..2..j..15.......(..^.K..'..^..h..Wb.......k'$.>$..x.....`...G...`.QY.....9.B...3.).$.G..t.....h..v.<#9..a.[r16.V.0..+#.....*?.../iI.5.NF....o....8$.5....S.FcI.. ..x....{....1@

          C:\Users\user\Downloads\QCOILOQIKC.xlsx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.877536998600441
          Encrypted:false
          SSDEEP:
          MD5:64A8FA901B3ED0C9F13F3F421D18477C
          SHA1:D931EF8C6D6BE2F90596C4AF0D8293FB8E443EC0
          SHA-256:01C0B38974563FD70F0EB98721152D057B7E2F088AA972B89B2FCF0535FBCBA8
          SHA-512:B59E605326A26EBDCE648F8B33AE2879AD0521575AA7DC19C271EDF09EF22B356FAE0BD9FB3B3A7BB73A60ED8F8F9922F8B92568B56E81BC0BAED43E1B700F2F
          Malicious:false
          Reputation:low
          Preview:...cf .C..q.;-..K.Ws.........=3..e +.+.....x.%...*.#.4w..~.u...J..:..*.....8.....k.D..c....+..=b...Uy..~-s..4..*...R*..WJ.|.Mo.cI.w...3o.@..v)..K'...e...........z.........~.2...E<0&.T.h.&p%&......|/|......\..8Q.....25..s....T.!.....8.Y..o....K6....}l"..%p..PC..G.&_......(....]6w*. e...."V....K......:..>..W.9.7...H{...".....>y...'...vrKKZ./&....z.7.~.(.7.3....j...F<Y.&.....7."X.O.3..........>..y.U...u..p.....3.^..[?v...G......<x..(xt#1.H*..B.....u..R...@..?.....9.`..I2..}..Z."....@..g.;'0.L....[.I7...+.{.....W..ZX.U.5nb.[..A...6.5m;.....b.c.../...v'^...F }.6...*...p.W..W.M....WL...vF...w6Oy.k...Ia..q...n/...p....e48..H..M1E......^E.....s...;..5.I...[uPd..Y2..6.5...#....Q....Di.. .......4..$...~n..t`.cI..GO...4.L9....3.3..w.c..iw.. %.*..iu....9..S=..j..0_~....}X..I......N..h...Y8..|U.R\...,.oxzgT.....l.`.7....1.]..P:.1...7.T..#..D..........A...&.P*....,..TIt.q....l...wPf.......-.9r....z.>rJ..G .7......>w...e.r.....6.J..8..5....uY.j\;...

          C:\Users\user\Downloads\TQDFJHPUIU.png.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.865052762600258
          Encrypted:false
          SSDEEP:
          MD5:9275FE1E81298A370A0ABC0B2883A3FB
          SHA1:483363DD74819323C8FB413D55301A76E7E0BA14
          SHA-256:30ACC128410A9FE84C9D6372EFC4CE851D9BFE2F16098F948CB2030C0AE07E29
          SHA-512:7947CEDB87A927E7B6668E89F3B05C67D1E03B9877E007345DF23A1FF193730876496B16CA71706B071A03C9C865D20C7E343F500CE6F94059A9FBB48E42C130
          Malicious:false
          Reputation:low
          Preview:.ZL..$Y...LJIS8.<T"..T.~-m...og[....c/.p".n...h.4..~....h%..O.0(.tY..q.Z.HO........*....)......Z..n.6..$vh..6~#.j....Bq ...o..VTG......m.I3....)D...Q6..uo.r..s.q.)..j.P.Q....P..wPjV.ob..j..i...@`.x.r......d.p.u.|v(..9+.....`....p.$.l\....VDI......lI(......|.tdu..aA..4\;..Y.X..M$.i....7.GR.j.'..VN..q^Y....>..WH...0... .WG%;EB.P.0Hz....s.k..N.8.Q}.x.tj-.J.....81.o. ;..OpN.sq.......g.b M)..Y.cji..+.I..-.....[d....!q....>...o..s.)....Z.BA..~.z$....9...,......jj.`A7.q...,b.+#.1O-WzbW...F.......[f.......#..kz.NJ..1;..b..|..'".:.b}..h.....1Z..\..$.~R.zx.#...*..|.!.|.^\.ml....5T[_o......d...X.Y.P.f.b..$m..hl..>.VV.....D|.o..T.;7O+.q.w|...-..R......!TV...~52.d..y..Ot........prqo.....:....9K....... 9........e@...Z......2b..V.w..%|.^.....}.sI.>.l.B.a#.'.$f.sE.(;a..S.!.>9tk........,..A../....~..*.#.c..{..;...n7.....q.8.........K.O..?...2K..;:.t.e._/.._...\].v.i..H8Lb>Lf...m.8.......:.....1r..1...H...`..PU..].A=.....1.l..+.....W...u......m)pU].V_.

          C:\Users\user\Downloads\TQDFJHPUIU.xlsx.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.878142348105912
          Encrypted:false
          SSDEEP:
          MD5:3493072D00D89CF0528C1B991915B6E1
          SHA1:2781F7542FE5AF499751FEE3DE117EAE8C1AA5D5
          SHA-256:03425DBE2858EC3A570E6FA8B94528F31A451F3F3A1D2AD66448B8479399C159
          SHA-512:6D0CA6D15C211B278F3F1456C0B048BFEC04EF76EF448E0EBD4657100E150B4867C2F1DD1A82A8F6AE50DCCBD9C80473103266EB36C6A2D3135ADDC95214443C
          Malicious:false
          Reputation:low
          Preview:LM...<l.f..l.......l@4...|!...H\O.....7....8....x.90.!.....&.kZ.......}.Cv....p....]Z.P.]?...c4.6.q.[aI0.y.f...........MD.K2..dk@...c..W.......j.({.R...e.y...*...<.X.X#/<.Y*.&.Qz..w5.....v...C. ...b,.o(.EM...a....y..2....."i_.,.E_7.G`...E..AE|2J.$B......!..Y....].Q(.%.R,.Uu.J.+8...o...*Wc.*3..h......:$...j.......>. .1.0.b.dL..P_q....?.....(q.#>..uT.|x0..JxhP.Z..#'KN.\.A-5.3+4.z...M./X...[.G..<..q.B.......N+.b.{e.'..t.$./....{.......7.......Oe..l9..1.[Ee.D.I.....o.z....(.uS....K........-....`..yF...+.U<0F..Jm....`.JB\....(Wt.{~....$...J..J.....'I\..U......(8.k.{...g..}G.B..(..$.B*.O$.{.4...W.......J.~.'..G..[..f.y...A>./o...2......^..)v.l.+..6........v.{..D...z..2.......;.z..........?.!.t.?....R.s.U#..T.x.....X-.C.Zf.....d..;4..8.n.G..pX......D.:...z.H..Jp...m........vvk.a..:.GE.4..].).!6H.A.l..&..fv.#...`.{.Q.(q..KJ.:.6...4z.0s....`W..}.N.A....L.....L.[..0.q@.......S.^.`*..*...'V....J.h..R&+..P....[W7m.6..L.dP..2...)/..S{2pM`0..M......

          C:\Users\user\Downloads\UNKRLCVOHV.jpg.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.880243891898605
          Encrypted:false
          SSDEEP:
          MD5:A9D483D69406DB00899EC4DCF67CFA11
          SHA1:9E22C1A45276DD361BBB457DC75C54F5EE518882
          SHA-256:879B24B6E4542A38E00B69E26F91B7C82B1D7EF140E52E0B13CFA379E98D506E
          SHA-512:951FEBF2FC8154776179703A1917D913701AA83A152911D912362F2C055DD3656A49D240ED3F71F787DEAFA985538FA0CA40A20022BB2AC7EDA1DC41E234C858
          Malicious:false
          Reputation:low
          Preview:.).....>;.k....7^......<8......W..|ha..<h+.../......^....j}.]...J2FK0.....e+.,.9..1=..G...r$.1R3.*h..+8....z.dE..5.;......Z.Ed.W.b...j..n~.[$BZ..u{)@..`H8..b........Af..N.3.....U.c.......O..sD.x.`jV.,D...*?..h.X.}q..6kg....q.;.j.Xf..3...4[......]..wv*.4X.>G...Bv$S..@Y.Jgi..1...x.?*.....n....s.9......_.;.?..w.... ~..`...s.5u....,..#.|.%qQ4 ..Y............h......G.r...&....cH.|`..Hd..Y..>.$.IfP.;.7.7......qyJ...S1....iY....].f..y..)...,.A..\.!M...[..$._..T..n..wE.9pG.-Pn.:.>....&..7.../89...?bi.a...'.J.V.,q...\....._.j........*..?.vLj..qU,$.a...fh.....1..v.L.4O..U...))U..TP.qTi_.U....s....9{_,I..Ir..P..\#..WpG{...x..... ..H...}.q:..F.]*!~ .o.#/.w.q..@........4..)C$..j.s.N..^.?W...A......5.G9.].%..<.,..Q."43y.J.I.v..r.o.z..?..1.(.tv)t.X....zs.u.e.@.5....<..ADo1F..IZ..9....h...b...V.k....u.&.{7/.U.0Yg.^..]T.....~..*5.6..aq.AD.f..r.W.A-.I.H...#...>.....<6.C..|..}...U.>(XK.k....4..c.0..n.-..N...U. 5.s..p.j.W.....O..0.GN.f}b..[..l/.N?....}{R..pb

          C:\Users\user\Downloads\UNKRLCVOHV.mp3.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.863610156836995
          Encrypted:false
          SSDEEP:
          MD5:F92B392091D3BBB5F34118FDEB87812D
          SHA1:3ED8032CD547ED147BCDD85124D6733CF6B86329
          SHA-256:7CA65849178EAC8BFC30321849599823C154BE7214C095891DEA23CA10420093
          SHA-512:FF6672C69BF72EA6A0598482FBF49B85481D89EA085BF890D39A5CE8C5322076D364DA82CEB1C2E471B7E76932E2F99935B276D348AA79E8B44655883FEFAF59
          Malicious:false
          Reputation:low
          Preview:\G..54}._...+..?./wE.[........T.t....SGZ..{"........:w..U..'.UtJ..KW..../.C.....K..d..a+8.{..\P-...STK..\{M..o.z...1..tmW....=...`..&....h .H.C........Q?+[....g..-.p@B....c...5b.i....nSgv.H.......}..3.x...R..>.F.\.....g.65..-..MK..1..X`z.....|...@^t......;.......R...OsS.~0#\.8.........[..U.....OLU.e..R...Tv.8]...E..!..m..:(...K..lj....A.m.....K.....f.l..[9....?..d.....BX..s!~t%U...n@..Q.W...X..e....<.`^p..+>'.r.FfA..-.!e.7..B@...Db......q.U...T...$R~B.a..qs$.n.KP.......O..8*.s?:.lOT.......v.....Z.h......S@...K...y..(....5C:..x.E........v3.6.S!..zb..l.]e...f..l....D.{.7A..cxT&..).i.{.$g1..Q.......p.g.|AL..M.)..i...........U1.g.6.7P....0....\.c....7..Vv.A...............!/..Sk.%..I..m..eF..NI.P.@..S...:..I].....Y.%Y.3...%o._.....t?k.H..4....-....W........t..*.9.5.......f.@.d.H...+.t....0...4...}f66.18 ....SC=.e9[..N...%......^.-.4..nB....d...........8.<_5..[c.....1.Q-...\D...8H.....|Z9....f@n.>...nz.T...V..V5ktC..{.=..`B../........l_K.a.jqH?E

          C:\Users\user\Downloads\WSHEJMDVQC.mp3.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.884335902206037
          Encrypted:false
          SSDEEP:
          MD5:DC5E4154169473648030D1359E6201AA
          SHA1:F387F4FCCE20ABA6D0DD1D6CB6B8BD84A8651E49
          SHA-256:08AFAB495AB150605C5EF2CE3C9A37EB23A50C5FF96D2CC14D6D8231C7771965
          SHA-512:FC1511015B29EF5F1702A2685F2989B7FC3BB1D29FAB8C251A3A4A576CEF7E22003DF9BD7565297E2C47A5C0F27BDE565D14265ED4CB0292C4FF208D4D5B1918
          Malicious:false
          Reputation:low
          Preview:...{.....)...d;R..i.ON...R.u.......6FI.M.3E...V..(..c.=I....Dk....AO...a.u.hQ.].B.g..@\.2.....l....M7.JG...U...ABa.......Q....^..@...lP.......z.'I.?.H5.@"./.0...M....36.<....L.8.E.;u.r.8..42j.g.....*..E..7X.........d..3s.K.n.z..dy....<...y..@.....K..K.sm#....o'...o.Gf..-./...i.......3.D.....6#."...V....(./....B.{.O..j`....:.....H...=.(IR...2.c.o.e.....8...%F.O%.H~...}.IT.........R)..a.n3GY...j..PX|....AE....>X..;.P.W....Q...A.(...R*........Fl....x+L-w...n..(..R..f'..z.J.v.}v.R.#1\.$.U.q.......v..n|.B..\....6...N....h.H.YQ.5K-.p3...P@.....:v...1U.R..L....H.].Z....x.(.6T....L.....HC.......!m..!..h.....2H=.d..6..m....G.,..#....P6.x.a...e ...z".CP.$.W4[.LG.q..G..2TU.w.E8gg]....`v....x.<.M..!.....{0VXy..=;0......O..E.>.t..C..&n.V...5.X....f..I.b......o.t..Z.=...ss.....>".e....SC(.^..?...I"`D.oal..&.k|......1.*.).F...7..X@.t..d....?..s.e.-..I..B8..\..i8;).....G...}.XKx..:.u...,.@.}E+...$..1.i..f..T..0..n.C.6.....Do...l.J...&...Y.^..o./.....

          C:\Users\user\Downloads\ZIPXYXWIOY.jpg.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1568
          Entropy (8bit):7.891095922300504
          Encrypted:false
          SSDEEP:
          MD5:DA5F29086CA82136A09668A17099C7FA
          SHA1:A8C86070C1CD6406768CE8F953C5CF4CBCE1A8EE
          SHA-256:43935390A422B4E2D512BE5CA2E0BD7289E69F5F4FDD6B1CAF3DC5224C4FEA94
          SHA-512:B5ADDC11BFE553C1E60B5D4DC75DD9DFEFA9464C46657C9A49BA52D5C3D59833A8057A8478E85635705E6779D45B6E64DCAF15C4F7A41251FA47198704B3AA1A
          Malicious:false
          Reputation:low
          Preview:2!S.....B%c..5....t.J..4......OhT..K.3J.W@...f..rp..Vj..R6.?........]..D1.0.w.8A-.-.J.f..~(p.H......./.U.x..x.w+.v.0r..$9....EY...6.L.......3>Z.Y.dx......*...*....u.Rm.........e.5.(.*|...KOFSP.....t..+....aE.....Wc.|?..c_.8.....v..G.Z...d.y..fX...\..G...]W......G..^..k....|..y&Bf_epU....&..K......A.4z7..lFG...It.OC;.].|.HT....v..BE........n..R.....<.."...X.G..{......RO..8.a/5.i@.8..f.E....2..|f.)...|..p.#.JH.gi..zO............C.&.R.......{.'..c".b$.o.;..K{".D.w...@/.....;......sz.....{Ue.eU..?.....A....<.-4M..gf.....v...B..........Zw....Z|...H..9^S.......C......./..k...G.\)D.olg...?6...c.6...F..:a..{.......4b...[...%..z.s....m..i.B...+...``gz.K.......-"S.Dm.....1....QLX....9..&...r_.{..5.k..F......u(....S:|....4.(.,+.........F..5....l.Er.9B.I.Qw*.s.......F...4C..........b..S.....L....U..xh..3 .....IDy..T....Q.....=u.D.v6.NS..sj..T.......G.X....L.t...LM.;.4..V....Ee/.[%.6%XC."~...@j..6d+n...U.._...`..6..?..8..;......,.}..Z.2..F

          C:\Users\user\Downloads\desktop.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):816
          Entropy (8bit):7.732352597371548
          Encrypted:false
          SSDEEP:
          MD5:417F847DF0A9FBADB967E858C3CB199D
          SHA1:01F48F1EE22D5F65C05D8972674E2366156AFC23
          SHA-256:3033C8E9C83DDC11D1DA470A92C851830D5EF5D93BB168AED3D7AD12AF558292
          SHA-512:701A016E720B9E913015B193472907BAC2EC5B9E49B8C617BD85C669B76521590B400D7192AA66A9C1C88870249A23451EFB9AD8EA47CA82642FDE4336D7A8B5
          Malicious:false
          Reputation:low
          Preview:..P.q..m.9..8..._<..)..j.Z...E...8.N.' ..U.....*......C.......F..<.,......D....C}...rk...I7..u?F.z..U.">.s6{..Y.gV.|H.3.....wE...M6p1p....%......T.D...........".'6....$3..k..D'.f\b.b.$%.......G........T......J..-...Up.pt?..V..".w..)...~j...u..`.m-...r9+.$h$."Fm..d.]>.Wq..".!..j.(...)d|.Y.&.s..Iu.S........tI,..Q'...@.(...........e.~.......ZS...y...^...y......i....{...y.1..7..qx....}e`.SJ..P.B&/.1.h`..[7M.i.S..|f......."....5...K.c...Pf[.&....z. .k....e....R.X......jB<...m......K..E.0.(....Lh\X..a..M..g.r..wF..n...`......T..S.....Z.W.....>..b.It[3L?....Bw...@x.X...>5...F.i-6>3...........7.i_n8..IEv....2.G-...?ZbE.....G....wH.fh.Q@.......:.. ..U9.1.%....Yac...&....=/6&....JRR.k8..`....od.L......f........K....X9.....v=..4..].PE...2l...RP?...X......\..........d.......

          C:\Users\user\Favorites\Amazon.url.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):640
          Entropy (8bit):7.630306718570877
          Encrypted:false
          SSDEEP:
          MD5:DA9D6788CF61829C9E82108FE630582B
          SHA1:FAA536BC651AC00959EFEAE32DFA0DE515E107E4
          SHA-256:1E8C352425E56813D74E98244693633B0C4793B8E81FD5A01B44A21806052B22
          SHA-512:F504CC55A8E999E430AD020BEEEAFFFD855567E92C607703613AA5CF4A53E8D8FF5F74443A61BE34FDCCB43389D62B1E41C77928900900197EC713294C175351
          Malicious:false
          Reputation:low
          Preview:+.T."D......zu%.N.\.mV^t|(J..PyC......7.|-.{. A..\.....KQ4a...nx..k.`.|C[....J:.Vrgi.<<.....'.i.K<.........$.,.gG:~.O.#.......4...1.B..1.(.A.......%...r.E......~......~.F..0rH...={.qYL...R.:..9.4.~..B..b.a=a."..EZ.5`...M....*..a.<F.6i...".{@.8.....T..Y>K...v/|..4.f....R..}.p.=..[..i...Zm>..xF.`.k.^.I..g"\.P..D.j..5I.P........by..QJY.3.`..q.u.....L.K<w.0.........s.C....F3..K..L...iJzuF;k...Iy.a.v{.N..cU..@...a..1/.\.ymT.N...;@J1jl..y..L.........P.f.D....96{.ws...>...O.-.I\.._.._wd.....7U.......i.{.o.90..."^+.A8\kx...G[p.nr..\R....P..M+.....h......66D...._....R1...ry.<.6..n....>....X.EX..P....o.......d.......

          C:\Users\user\Favorites\Bing.url.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):736
          Entropy (8bit):7.690719726439677
          Encrypted:false
          SSDEEP:
          MD5:A9550B471A4DB7DDC639AE5FF547B70B
          SHA1:B2312F8270933B88C265E730FF68C4EA8545D2DD
          SHA-256:75D650FAFD58C80B93596C46566E006F8E0CA1A857B8187ED04106A6AAE69471
          SHA-512:2735AE2D7328B3594C39A4317BB1DDD6366D4FA2930C18D01B1D23B4A1AA2DD9E0DD432966E5F105B5D5477BA991DD83DA42B5891A60F4C3CEB5D1488E9FC974
          Malicious:false
          Reputation:low
          Preview:@...i..Fn.n.s.k..,}^.IA.D....Y..o.4.FU....S..j.V..I/.GW..d.9....m...^.j.$X.M..7..bU..6.....B..J.B..F`.......f. HR5..+RH....p..1p7;I......{)K..:u..;........F..t.1.yU..#*.c..(...r.....0".m.5... ......f{..o....R..M.sa~/.....e\L..h..cB.d2...DX..nG .B...ya.q_Qu4!l.n9.7.X..Y.S..GP.)...._....\Xp...K...R$j...;.8Ll..dD.....d....Kc..3.Y$....A...S5&.4vQ`g.."8.Kh....A..~.X..n....2Z........L.c.{.....&'..`...c+.>l...m......+...{...y.#+.._._.t...V^.....?...c...#a8QN. |.....&>..g.%..bb..A.m.XC.Yc..6.......)....M....s.?..D..p.1..E..3h..J.5.w$..#.Sr.dy......X.......v.vQ..HG....*.Q.c......l.s.i.0#nx8.].i[)...b.C...`.\S..>..........*..:.&..~....F.G.>C:<9..VIq..W8.7....t.&9..k...FA4..........d.......

          C:\Users\user\Favorites\Facebook.url.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):656
          Entropy (8bit):7.687283483299064
          Encrypted:false
          SSDEEP:
          MD5:403B64B6ED13189EFE80133CCBD95B89
          SHA1:CCFED87F1C79C04C6C3814FB0D32A1502CD2154E
          SHA-256:C32FBBEE8AFEBA437A9EAD0ED75E1081ADC5B0123FCA5AFF6A39803C6005D0BA
          SHA-512:897D1E0B3A914873516D6570E266F77C2414E4BB0E4976F7858FCF892D0251357C5618E41A3D696AA50F9E3AFE075D051A8CA7984038166FA87334ED21F44444
          Malicious:false
          Reputation:low
          Preview:.'.-uVf._.Q9wG...%......|u.4.0..l../7.....P...w.v."....K]aL..h.x....&.M..0.Z..^gR..K.!r{<.?}..t..b.bS.....]l..R.)P.~5B.|. ..\g.L.....oeR;.P.5v..VC.[.<..a..>m,FH.......A......}.C\nl.2G...^.....]..6k...V0...u..e.vM..].Tc-L.,..Q.lwn..+...UYV..5$?_>.y.?.H#..+....P6n.FkO3.......=0..&..dm...9....M.B.w.......>.MDs...W..l.q...A#.~._...l.QX.............;.......-#3..)..!......&.....[4F...$....xD......f.n......p.&...M~Hy3.)).......).j....ypI/....o.....!./../i...*...U..s.Id=..l+=0....Rzs...H...M}.A...HB...A..P..... .....Z...y.#t(....h..N.,.7..&...%g..m.g...>p.R..G.~A.......]...u..!..-.......8...:qC>....#.'.hM.T(q.......d.......

          C:\Users\user\Favorites\Google.url.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):640
          Entropy (8bit):7.6658461705512435
          Encrypted:false
          SSDEEP:
          MD5:9AB9EB1E1B6031DEA0DC4212EDA88303
          SHA1:225DCC3551EFC852E9355EB5268A11DFEC6FF8FE
          SHA-256:DE242D69EF36D0148CB6878106B2153A9E70D01A148B9552238E41E4B4802442
          SHA-512:8D6E6C5F9C8DAAE3C4C732DE16D2C6850FEDB1E0789B52006C52B6D765A3D9393D61CB1E538E6B56900D5A648D302BA3873719BDD78074CC75CBC8CB73C4EF1C
          Malicious:false
          Reputation:low
          Preview:L....xIQ>'..0(.s.9...m....T....b<.._.C..O....s.'.....t=..P.h..].....v.......Dp.4~P.. 5....... .7{.4.X~S..b..{.2z.z..i..7X.1......m....Mn..N2...'.B.t.41.....VXDsei......n.^...QL..$......7.y.T..(..FR:....W.O..}.v;o.n..s9...c}...._..D... .E..`....%...I.g..{@V....k.?qA.z...Yif.a{....XY..6.....JH..9.)..[:.Z.).~J...`...._..4;T0.T. V...c......}S..S.BEs].H.E.=.d..a..w.R.V<...n.I...]r.".xj.B<.c..p...=.._.0.&1H.W.$G#.. ;.q'...r;A.(...N....n.......u.D#.h..)..b.........9.....(.5o@.... .....{T.......|gzWx...l...jXwV..y..^%?.ep.mB.eJ...!....'.H....e.C.Y.X....+..hWy.......m...f...$.aeM.$a$.c.......~..o.......d.......

          C:\Users\user\Favorites\Links\desktop.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):608
          Entropy (8bit):7.678092009926316
          Encrypted:false
          SSDEEP:
          MD5:9973D53E5B457F9A81DD05B922C5AC46
          SHA1:8624773057161EEED1658ADF9FD7E0CAE1C12DFB
          SHA-256:D6F9FF4D08B2959868CDAD100F6983947F81D9FCE00A72B8110EFD1E99955770
          SHA-512:87607E45667AAA96A44BB31795B92BA581EEDAB2823B73A814A0C48045F51E7A300877F3E449E1E508D9C3733C92C31CC1F2DF0B177A4D6AEBA0C5484C883F6A
          Malicious:false
          Reputation:low
          Preview:..}..!..sbD..|W..c..3...6..s`...'.......=.0...=...@.4..0.........t..m....rQ._.Z.z....I!%/..y....3.{..A.....B.;B"........<HK..i.O.k....MW..mgL.R.oa..U7.s...&"...?Nh.HR*t...d.X`>...C.P.D.T.Mc.........0Vz.a8...-.........i.....)?45......MR@v.~d<.#.u....GQ<................>........&....}.c.z.+.A........@...]n........)....fH~.9.zz..v.....u.....k.k..W..?2..&z..X&..A..VP=......#...ud.......1.:.9:..K..s....jJ6..~....<...?q.3....m....r.jI.......2..3..`.}.a.<P<...H#B...p;F5.jIZ...Ac..-X p:.........9v.....?'}^R..h..V.O...2.w..B1"C(?.xv.l.N........<..%.....H...q...xl.$P.......d.......

          C:\Users\user\Favorites\Live.url.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):640
          Entropy (8bit):7.71863723903304
          Encrypted:false
          SSDEEP:
          MD5:B5E2FB5BCD84D56B0BCD6F6173DD3E49
          SHA1:72ABFD4EE9D7F2E4DE926460E5A22B0C5FC49D5B
          SHA-256:51DD1FB3ACA27F47B865C134D5CE1A93C1EBFD8F004E2EDC4A0BEB8628D5B94C
          SHA-512:A0B0578D39FA2EED4CC843B543C410030E9011C8120637B0175FE62103B3870B82504B8898A54E192E4B74FA393EE4FBFBE4B90D10AAC144AB98D46EE7BF73CA
          Malicious:false
          Reputation:low
          Preview:....2....V..{.~..Qo._<.1.[....{'.I..!.A..2.....1.....AT.CM4..E..........N..DOi._1.<:..."..zW.e/Ly5..d<...G..........V:KB|...........r.......m.$..rg.qr5&...D.^....h.y.y..i..,.....p..7....B...>E..}...r.W...bJ......(-........|.....O...t .......q..k..~.(..&.LVQl.].z.>.h.)9t...U.....f...q.J...M...l...d.Pa...'o.......GDV....r~.Y.&......8jk.... ...-..o*./.$..3..~.:!..R.><.\......E......../.?...'...;.n....(.ox..].3Aw.I..J..E....,LcR..nE.S.9.k.}.5.?m{..n@......q..7B.$..B.e..8Z..s*_....4....w....T.....J.{.v.Yb.&y...+k..Uk..._............--b.[.].%....o.. ._w...1J..i.$c.`...W....k..+..B...Nq..qu3.m.......d.......

          C:\Users\user\Favorites\NYTimes.url.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):640
          Entropy (8bit):7.648743801664514
          Encrypted:false
          SSDEEP:
          MD5:1EDD581B94BDA82229120635486DE56E
          SHA1:456D5993B29FEFAABDA272165DBA76CE1BBC1921
          SHA-256:89B5EF28CEA4F47EB31D7D23A3FFCC6E66C9C3B490BB0BA53077C6AE7F0EF480
          SHA-512:9D2CB8072047B8F88B594FDE2F90964B6DE15510F9232C7DA3960A8208B0E6E7F5DE0CD92BC0AA0DF138E2D609E523064C556F4753921121480E3EF501B0EA5D
          Malicious:false
          Reputation:low
          Preview:..........T...b..X.l......N.\._..8*.....-t......o.\..........${..8.......^s]^.{.z......m.5...9..HF..].....3HFh.2...Wq.@?.uo.9.............aH.g..........."6......'.#..G............2*.=~..*...."0..M..2x..v_~y"..Qs...3..Y6.VX.).6...t.U..n....3..s].p..<c........M..^.......*.D..?..kc.f.<.aklp#.....3......H0.....'....#)NW.>p!t..Uw...Q`8D../.BA.g.....G.(..U...1Ysx-W...@.l]G..x..O.._0...6.2I..z.T7..`...$w..t...x..D.KdK......&..y...\...!...\.L...h..7..$2....*.........&M.t.....H|..)5v+~........*ys.v..~......IC..&xi.....pbka..............s..{.k.....v$.I..zB..?Y......LS..cx...w4..s.A.=.)....;P..J.N.p.......d.......

          C:\Users\user\Favorites\Reddit.url.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):640
          Entropy (8bit):7.671523868483588
          Encrypted:false
          SSDEEP:
          MD5:CD615BF5F48DDB392B379F141D16AE20
          SHA1:E9243BD2BB2857B8C66B17C10C2B33E044405D13
          SHA-256:6F1BB1CC35D0724257C3534763FADDEA70A016022BD8ADF164A71DE667DC8400
          SHA-512:FAD7A16597F7A996BDD2EF93E81CF971090B26F641CDAC8C954B0BC3EAC95C3B2A1DEACE0F80BF0504D140F45F01F0D3BB00B596649E72309C50EFE7C5CA8094
          Malicious:false
          Reputation:low
          Preview:.,.sy..7....3....NqOC..].UW.6.5.....[j.$Ca.A..J.T6..\...{]9.;..E....cQ{v .......$.[.x..v.."/...`4+g..QF..>..l..xJ4xC....Bbr7/..d..^T.n.2`. ...........f..Z.XY.{..........Gz..u. .<.....G..].>.!.T...oI|...Q..|NL...-.f.hVp.@.KP...x..g.p....I.B....fu....FI:.25.H9G.?.o.S....3r=.)q91........:7g.?@${.G-...w...U./...eG..fp.Ow1...rg....E.AP.'.....{..g.1.....q.[....Kx..LCiC{"...l.....4..ABX*R.a.~.I..u.......|cv.e.3}."].o...[...5......#h..R...L.....Y..].h.....f[..u.....4.v8"A!..k...`y.....A..Xh."n.(r.+...P..E...Y..K...#~.....g..P1&..)...k.<h......"...u.Kl#%h......y..2...:..u.DE.....c..7..MC..Q..Z..g+.o.......d.......

          C:\Users\user\Favorites\Twitter.url.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):640
          Entropy (8bit):7.649450044547744
          Encrypted:false
          SSDEEP:
          MD5:A8F79068CCDD964F8C27B0201A04A3D5
          SHA1:AEB92722A05DFC90C5BDE86912AABD0CFB381568
          SHA-256:756F6937C04145689206F46B7EA9ACDB205289F035246D7B3F445326CFA9CF8D
          SHA-512:E1FD60B0F45B0BF4BB39B413FA2C8DAE2B97FEC29FBF5A829879D99FBF19784D5639EAD45D7D255F1B11B05F0CB025D88F301813798D9B4CED30377E8459A410
          Malicious:false
          Reputation:low
          Preview:...J.|......y.....x...(.U.vhI..4...[6.:.Z......8hE.#.k.$#rT..\o W..:.q_@..y..G.2.T...j.3..`MY..@T...:=M..(.p.Z....RV...[.L..w.....3.AP)~I.f8...3#.{q..m.-..Y<..$.9.R.huc.1......-.k._..`.".....lxk..G..Pa.@.......I..-Ewd..[.On..E..C.<Y........[s..c....9O.l@.h..GE...I....26....^'//@.f&..V...S1.C5.,..;..........2.u..)8.A)Ng......uv...y;.p.M..C.e..s.......Iv...m.....R.2_O].F..|...d.3.'X..E9.I..O.....G;....F..;6.U..?.......>.N....z...1.+...J...1..Vu..M&.B.T@.i............qV.a).D...W.. ...<.U8.T.?D..<T.f..&.....-{&{...>.J...PQt......B.tI./.k.y+.b%B/"..e.q..)T..&5..>o.{.."._.....f* L.........f.p.......d.......

          C:\Users\user\Favorites\Wikipedia.url.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):656
          Entropy (8bit):7.669394249315056
          Encrypted:false
          SSDEEP:
          MD5:99B8E50C5698D58E58750DDB5C643340
          SHA1:A80D141CA3468A410A5517AED71DECF251FC8BBE
          SHA-256:45E277FB8F49D488FB4125D29CD5218FEDEA0A118999DFA9A01D0F4533F1493B
          SHA-512:5704F6E4BA08023B716C1A71E206006A67E0CC0881C4CD3EC164DF202EB0803368EB360C86205E1982B88DF4F832110D92CD613B13057CF2A290ADE0640623A7
          Malicious:false
          Reputation:low
          Preview:...K.*.y.........K8....'8..JOP....(..y...j.....E..Y..,....<H>.........s.0...]........_g.i!.C.{5.#k.......VS.e.(.....Rdo.c."...............Q.1....g*..iw..7..v.k.h#..=.Y..'..XxG...8B\q).f..7`.....%_..p..A.....\!..^fi.f..e..=........).T`D.i....U..Y..}.|..<..Qi;...|..Y.$J..R.E..!0.p.K."......=I......H.......)..}.?..[..T..R...V...uW{T..... .?..UL.8..i....Rv...[J}.Q^.B..Cu+..0.w.yG[=-.9+.m.I......-[.S... .>..N?P...Hyx..F3...=..Iu!.1...,1Ww.7..b.D....H.....ZG..5...C...g..W..8_.. ..*.O.....%c...\Z....$..-.?......F...........?...a].r..j.SG.......B.f^6..I.!..n7..uC..p...K.N.!...pib..q`hT..`.n]...^f..t.r.......d.......

          C:\Users\user\Favorites\Youtube.url.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):640
          Entropy (8bit):7.628183621201906
          Encrypted:false
          SSDEEP:
          MD5:8B933A1964C03A3B71B54BDE79C205B2
          SHA1:095010CBF2520EBA57D9174E4F949714A283E4FD
          SHA-256:ABCA6C15200A61AE594162F1A90B4BC63ABDA95EDC6D95481910222F1E13B7F9
          SHA-512:317C65069FD3BEE2D34F044061CE9791AFD195D569036A3D2603C41634CC29B401D44C28DA70488BF7AFD0E76B993A8837AC687C7FA85C251D6612A926C045C3
          Malicious:false
          Reputation:low
          Preview:..])...h..m.A..mq.........o.m.&......_.."..,D......~.0q+y....b....R..i..."W...xH.)...Y4...P..Q.Y......!.....eC./gU..Qp..l..._..2}..-....i....;.p.......j.4._.....4I.../..|QL..ry.....T..O..h.].CJ/0O...\CY.v...T.]0I.+.....T.R....!..F.77...O..k+;........o.......R.D.P.;.s..p.....&).-.]=!.=..oM.?....m.c..V..N.._[...w0....++T.[L...n..?.oR...KHXP.C...".i..V.}{*...N.].^.....h..us...|..1S....1..".f.q..wRa.....-......v%.m1..|.|....6...q...P.$..EA..o......=..j.....6...]e.....1.eG.d.FB..[.}LK...+.W2.;...m..P.H.._.GA.Ay.2...K..El......2Mt.K.......X..S...yB....B..S...,.....[.l.........O.`...r.&q.6.V,.C.b.gp.......d.......

          C:\Users\user\Favorites\desktop.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):944
          Entropy (8bit):7.784762212756426
          Encrypted:false
          SSDEEP:
          MD5:2E0078369533971CC01AEA6FA74068E6
          SHA1:5F01E37E38D02708584B04E67C84567AB78017AA
          SHA-256:FA93E0E8D7759AC3127421151B674EB86F3350A648E15AE54E506839B4BB8737
          SHA-512:8A45482857BFD42A70120A2A09764AE48D815A96633C4442343BCBA1754D2C1A5AB587AA5F71AE096B11D8E5847112F8FAB4A8F7B3DD884AB6AF2EF57D0E595B
          Malicious:false
          Reputation:low
          Preview:..?...:...L..)....3fn9R.}.[....J*.G...Z.......pJ.{\b^e_..;...OB.%...3.k.....[.G.}.....O.>.J%Op..t.i...T...L..~..(,.3.A#..~L..].R......I%.H..n2.A...k.?..............8.j...q.L.p.)k.u,.....c.O_.Vxd>g..]..y..Nj......:........\$Ho.M.u^..8.`...M..u1.)I.~..;-..F63..r.nJ.2-.....>6.......I...<Go..7Y@-_.[.....t.Oc.........l..gsW).&O...h..aGw=0.....?..*']Z..te........ta...N._Yf....(.[...c..........oL.0.Q................)...:rj.J7.fy..aq.}G.z1....^c&T....z....e..(.M.@...!b....(....k./. .T..w.D....b\.I+d..p.....U,.{.w,..yS.Q..r....d....\........&Gk..U..=.=b.5..PN.K...F.;:.".wiS..(mH*. t.n..)S....lz....J.F.R..1..'..C.q..e.5.q........].+M..O.BP............Kn......C..L.d .......gJO.e,...&I9.q..1ry.!Ez..}..(.r.......|C..s.s...U...\ ..$.B"..e_... .#.1..WJ..B\3......Z..6..6.5!..9......4.........wI.fj.L&.... .}+...z/....]02P5...:<.:..cpj{.[...#%.x.~^...%.....P..8p...!v......$..;i......[.2........d.......

          C:\Users\user\Links\desktop.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1040
          Entropy (8bit):7.803203863998345
          Encrypted:false
          SSDEEP:
          MD5:6ADF23989122F95303F07A7AC2080A6F
          SHA1:82C9F8F42F33E9BE6AC70141958EF97F9B1029C4
          SHA-256:FFEAB8999ABBA841CB8DF3D7B67113005063FF2C2A8ACEDCD13FF40113ED5B43
          SHA-512:C79EBF21D3E21EF725EBEA85E1425A9E0474C386DCF057DEC81E741B744F762DBDD6C1DE345E1DD14C586B1E4D1E1AB8D793D7DE8E645003D9F238C5AA331917
          Malicious:false
          Reputation:low
          Preview:....~...Rt...|...C..^!..9...V. .m..:...H*m.....qQ7...~..eFg4.......p......V.4H.vrU...N#/.:*{...D98]..w7.M~[.5U...n#.....d...+.z9;.~....l2s:...OP R.%.\...\.._...Z.zh1..._...Hcc8j.-.:Z..y..w4.c@..kF..,8.O..!....h....Xz.......pw....H........uQ..G.'O.%..Rxc<..!.....0Ia.Z...:pj.!...HP..,..y..:.....)...P..&]'4L.|<...|m......\*....S..2.$0..EM..8..k...!..L.(u.30.K..V.'\.fb+...<..I.~.......3..!....{.M.;;....*'h.V....o......hREC..m..U..n$Ehn.4.v..j.*. ........0.i1.Y.D..C..M.&...V..z.yi.h...Bt...A.........w..N..qO.M&)fv.k...udC......0GL.........w.E." $....]..*...<;.L!.1.,.....4.[.R..uz..L...);........'..cZ[^8<..}......c.?............/..NXB....-....5D|e..B..&Cup..-..x.7F......G..luZ...(D.K......].y.@.....Y......1.....I..^}7..g...Q.nZ.l..Ko..j...e.....3i.......@......YQ:10...`..s....d4.Ae..`....p.Q1.(...t;.fK....f.i...-.o....u|Z..x.T>.b. ......%...NT.8...........m.V.R........vt9.......[.....[7}PD..6.....K..v:...7.e.[..9m...|..jb.l.@'.....SPat...W.......

          C:\Users\user\Music\desktop.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1040
          Entropy (8bit):7.816625528661246
          Encrypted:false
          SSDEEP:
          MD5:24565DD1DDC5C5388F7DD40AB904D724
          SHA1:5CFC47C54B218F8BE567CBE1A1DE9A6313BA439E
          SHA-256:241C757DEE2AFAF9FDA813F152E8B9540161486CE750323C70681D3DA991023E
          SHA-512:3DAF4B2143BAB47E1F448B4C07F877A9B98882033E9F01B2219A5637571603184AB3877BBDA0C294C9745A41C74071313D91748B6DA802D80E42B2CD826BDA02
          Malicious:false
          Reputation:low
          Preview:...G.k..2....=.PP.....mTu]....[..U'..R.H'...&.....;........eV..\...E... `.H..Ip0.jB....._....d_...0.P4.|`v......k..*6..+....E.2..og'....pemtD.1D.O......L...!.....Y.X{c......0......\ ..x0Nm.h..../...ZO......04.{....q..l...F..l...It..l.C.....j..CY_..).R.B..g.K:..K...@..vxA......Z....D%....VF..[..v4[...Ye........./........~.H?@...w..V......I_......K..utD5c.p.?.&..<#..l..v..Z...R.\......m".v..3....dI.9*_|.z...d.N.Q9.-.*.Q.q<?.;...".8...}.c.)........9=]..3Q.V`zmJ..._Z?....#...i.+23.F.ej......X.#O95..y.......M.J7^..1.1...2..3..}.....\)[.^.@b.V.vXb...![~x..z..;uAF[..c&L.t.X....k6.d:..B@%...2.gj....lWj@..n..(.....`...h....?.....m"..eC.@0............$.+.O....J.'h.TDy.{.n.....Gg...........~......*........cz?g#P..*.9..X..*..q.........._.g.....:.f.../.(..<...?M...Q....Ts\.R.`.C..+.4..N}9V....P...b...E......6.lA.4..v/..v?}Kl".9.{....H.V..Ns.].QJS..o.&"]........6'Z..A.l.0y...`.P.qLe.0,.t.j....p ....8..`q..y..... ....a....d*T..Q.4E...RT.D...!...H...M.

          C:\Users\user\OneDrive\desktop.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):624
          Entropy (8bit):7.583841890926057
          Encrypted:false
          SSDEEP:
          MD5:CBFF3756F5CA7A2FE4D3766592860BCC
          SHA1:E06611EA9201DA7BBA1B889DD3607E7A3FD499C3
          SHA-256:A158786CC631EF36FC40FEE659C2BD7738C7EE3C341FD72FCD84741C0455432D
          SHA-512:089FF44B6E2814785069C366FF5A80295CEA92613EDB6509B545387F6B4112D18F26E2775162C4A03F97205292ECB9B269E12A52ED29B39CDE3EEE10E7C2D69A
          Malicious:false
          Reputation:low
          Preview:.I.!.&H.......=..76....*U..4c..t.d2....F.FPy.cm....4...nGq..F..}.Z<5........).r{N].[...6K..Y..O...Y'.....6.t;;.&.)..........=.d....uh...(flu.~.......(;..E...NP{y.H..{..N<W.]..g{:.?.....7.V.o.N...U^(.A]..L.h.6...n,._.c(...%6<...O.i9..z...9/V..:.d.....DDvW:.2.....}.t..O..R.#.......'q.n.PF........ .uE.:.e./,#S.l..M...(m0E..........".'5%..B.i.U.A...ih.E)).1w9,..B.c.. ".M}/...R.gg...y\|m._...xA...c.6.&..`.n....F.qF....>\6.K%..E....jC.MAoR!.T0v....Qy.._`..;].P..CK..I:c...p...y...ttM....T_L.H..)Q.2].g.=...........F.)...1&j.)#.K.....>o.......>.w.....M.{79.<.)....d..."..Z....x..`!..Z.......d.......

          C:\Users\user\Pictures\Camera Roll\desktop.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):720
          Entropy (8bit):7.701916332645122
          Encrypted:false
          SSDEEP:
          MD5:00BAC323624EC2534C4348465A80086E
          SHA1:223B510B6926CCA543C2ECCDEDC95C97850B84F6
          SHA-256:D94147699E4D268FE9358C8BD4402EE500BA282AE12CBA9DF7C83EA235BF99A6
          SHA-512:92EBAFE472058108E2123E446C60E4E2AA7CA234D9B885A57AEC685E87A933AF094BAC5CBEA1E23F53C617667E07C510A1B0D239EC9AEC9357FC205B222C2C85
          Malicious:false
          Reputation:low
          Preview:..c$.@..p..4y....=.f(."&C....;&/QW...............aO..PH.F*._=`j.Q-.i...HZ...... =.2...Y.".Sr.WqX.-..L..c..M...c:f..CM..!.5.%."e5RW.r.T.G.I..,.J.Sb.W}q.8..\._..>......C...-3X..).J.A?..4d.x.i.0{.m=.i.k.1...uA....[.).]..A.....Dc...0E..=..2.e.^..-.%.....3.....i......6d.]...A...d..z...e...........5=..r..7.S...?Y.[...g.j....X.[..1.(.L....M2..l4n......&%..G...;...3o8eY....J....k...o..f.Q.X_.'..t...\..^pD/[.......t.x....=..).;[lF..f.G......`n ...Lc..9..[.........h...+.G...PL.6......*./.?.+.t.,..c...M^..8...*x.!'[...q.T.A6...@,.|.m.......Z......C...1...N.9..:.5...f9j..5fQ.....F......0E..m.{d....x..../I.K_l .5.IP2..3........J...D..C....7;v..w.....gsl.G,....'T.H..~.Q......o........d.......

          C:\Users\user\Pictures\desktop.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1040
          Entropy (8bit):7.790930739442709
          Encrypted:false
          SSDEEP:
          MD5:32A065E69E7CF68EBF36959F94AF38AF
          SHA1:B89122681FD58034013172B732E2EF58FE96962F
          SHA-256:2B0168BBF8748E69A889F49595052A27687E8B8B54A7FE972848A3F6149CB3E4
          SHA-512:C84E516F2772D4ECA1B0F68B47867CE2262EB25E275E00CE0391BF6F91DABD4878E829B3FF9E8233CA3BDA340CAAE588E7695B7BEFDCC62B269128DF9241D05D
          Malicious:false
          Reputation:low
          Preview:.2m......N.....Sn...Z.!..M....]..,9v.\.\n..h.c5.'.J.H...R..x.cT.6b...^.->.D.g..@^>D4.U&m]....e...F..y..].`..nD4.1.g. ...v.....E..Mk..uz.9..4..\....NV........R....B...^.0..@8..@..s;i..d"m......xr..Ts;...8.?..#.K.>.*;.{+.s^P........[;V......x...}.....]%.<.0Gp...7P..n..\\.ud..)Y...,....3l..$Q....K..-..$....h%.......w.i.}X..+.&..p.5~........;..pW..I.....x..1.e2.o..&.2.!*r..nA>P.e_.'.......I|k&X0.R.a..mS..g....:..m0K."..P.e-...._..TD....w.....L.#.]...T|+..t....=...wR.}W.D.@05\..G.}..M.....p......Z.....7X.Sz...*...l..Sj.$.....[.a.gpV*.x......F.c>.........P...:.+.1......G.....m/.t....l...Y..2.>v......e....V..d...2R..%G.VDan!8.D.n..R....3.p...~.P./K|...gh.=..Sa.||....L.P...J...\sGW.._.f....a...l.{..:...<a.x$.. G+.g....$.-...=..q.x=...?...6(?..M..@?..>|3..,..7......!s..n.Y.}..L..+kf..3..3i{i...z.Z.9......!.Ku....q..B9../...R+4...5..z.OW.2.x.U7~~......J4.y'.Xs..$Md......B".QUM..8............c.3mj.R.u5i.x....@...d.1....h....uP.mI.F.0.Y...H..

          C:\Users\user\Saved Games\desktop.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):816
          Entropy (8bit):7.71940929156169
          Encrypted:false
          SSDEEP:
          MD5:45E319A736C1874E79F77563E89F886C
          SHA1:FC5D40029560DD1D5CA9852C80F774C4CBD95859
          SHA-256:BABFDCDE5F52BF99D1949610AA397036036063F148667251E4AC1292C5F20D7D
          SHA-512:465645F640877066F4BB098D7DA17D9485C5EC6EB7D467DC52C573321081DEE076C861F3EA03E6CC48FE3634CB7B26E3E2F8CC01A92015FE33DAB6BE82E62931
          Malicious:false
          Reputation:low
          Preview:..h..X7w..r...G."........h..../.v.m...;....Y...~...x/H..j\.KQke4W..q.. X*.J.R..w...'....d.-.....f......b..JPL..|g*U...x...n....r4.iv..j.5.. ..r..a'...bo.G.......p...E }K/.........-....d.._Q....;cC*{....3a.Fg\pf}(..,\..C.....N.G.V.a.:..L....<,.E}...W.".0...S..0g....G....C.OFl....LH...B...&G...W.~....w....v......3.5.;..E..{seh..>-...'U<qG.^.b.\..fc.(.K....$...Y{.O..... ..4@e...}.@..z..lG..r...../.$.....a.t..=f.......v`h...yC.....D2...."V.op1T@.#...E\.T7A.t+.........xa.R....tbjrc....Yj.g....65.L.(z.u..aJ...}z.X.~..42..a..B... L.|..RB...H.....5...j......Fb....6....JC.@....."............t...\.4....UG<..c...c2...i.l[<.)5.8..M.|..+0....-rE.@.N|......Z. ...h..k7.i.....m<.H.l.0+&.r?E...6.H.....x.?...U.&..G.[..6..%A....^G.....r.A.Om.A:.G....j...A...9XU...2./1........d.......

          C:\Users\user\Searches\desktop.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1056
          Entropy (8bit):7.8184507197527795
          Encrypted:false
          SSDEEP:
          MD5:65D117A200AC48D3DB0315552061E214
          SHA1:629A12144A1886BA57ED7C4E04EBFD1FDF6109B7
          SHA-256:D1BB2EC1876B1E170024243859C83869247D13C431C8577CE6769409D7413DDC
          SHA-512:0D583E64AC9A056F4BCECD484CA43D1BCF32D93C227FAE2889C1CF63E7FA417BB75F16B0A2DB1ABC9426BDB69669696A9A093AE82553493AC786BD1AEC401E43
          Malicious:false
          Reputation:low
          Preview:P.....Y9.2H.0..(.....K....o^......hx.S.)c..V.p....*.*.W.M...7.O...!..V.C.fVz...P..4...u...qH..A4L.nr.....5. pM...4-..UE.O.d....[y....(Y.?...#.l..%.. .?...L...=X.%"\...~V.;...:.4.%...f\..Q..[Oj"..._E..e].....;M.._.!aJ...].fi....1.F.U.$%.\C.;N.-\m.=.@0.P...m....oy.$.6.@V......g.V.....K..Hm.[5#._...n..hy..........=......e.8..DS....o)xK..."$..8..NjU._...^..rAI.;.0C..b.x.....?...+.}..*o.B..._....|...]>T..8..........'..k...n_.3..^..{.....5w.......]..........q...D.J...u..+9[g.../R.s9&b4G.K .v <.Pc../c..%.0.....F%..&....W.`..&w..(V.W.....}z.?.'..(.x.W..}D)NY$..3..#..!..mx.<p3..Z.3..m.r.%.S.7og^FEr....Z.=JY0.-....#N...Ww.j......Y!...."@Y.....Q.6J...l%.sZ..v..M..T.9.R..iC.....~(..|......[(.$.F.h6....2....=.U6p.5#":.<p.......Z...i=...9.*.O~..dF.O........H..|...$BT.S..S...p..;.... .#...X.Y.4..2...~.M..JN..-.G....m.S{W.Ck.8v..-...}...YRj.;......7.R...{K,.3...O...<.V-.G.C*..b{.1........../....\ ...1.vW.c../.0......U3W3..]n..7.7S$.3.. ...f..[.~.O.

          C:\Users\user\Videos\desktop.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):1040
          Entropy (8bit):7.818960492196231
          Encrypted:false
          SSDEEP:
          MD5:A7B67FFA088D278B23308BE8B47DE7B7
          SHA1:AC43F91CD3F075DF1935DF1A108521D01B85B91B
          SHA-256:22FABFE4B2836347DA2D4601AEB492DA89D4B580B81F07CF1E27BD2E3E8B92DC
          SHA-512:98A284618AC0E8A95C4BE021BD889073972BDDCE64F0D933A91A1F0596316E8B3FD0BD0385E92F5F1E0F9047025E2A703B6C5862FC71A1CA3B01D2D822E296AD
          Malicious:false
          Reputation:low
          Preview:...........h.........}...Q.!Eyy.c*..)..T...........u..^.g-BP.06E..2......<...J...O.\..h.l........(.F..&b._..o..;fe.....c..?...a.vS......J.e)..4.(_#?\.`N8..KqBq..9.0..,.|q..\......l}...5..h_....Uv.F...H>.'Q.....o.L....|.z.i.!:Y.....7$.3L......{.c....G5.}.b......(..9..3l.\....../$+...fit......Uu.x$....U.E9...i.LX....|i...*..%...yC_.j...K"...7.`;z!5...f.I...Y5...w...p,.D.]......I..W.H..I^............l.?...2........_N...Y....Q[..a._.xJ.}.V.......m.6....k.T.. {P...-. .N.Q.}.>..:c............c.&.t4.Z..__.A..Ga.HEq....|:....<..x.M....\....... .#.........Po....t....".$..=....j...I..S..Qn...q...[..f.S.. .?.[.gqh.\....!.p.X{.;i.+...+....m9/.V..!.k@.y.i+.z......h#.y[T.>.x.A... .+....R.kmN..2 kk7.....]-.L..i.O..V.=(..y>.`....j.0.Tqb..\.c.Yv.v....|n..>.)..SHTzD.._`.S..q...~%.>....C.:v............u.2..e..3..sB.+.-=,}R.42."d.A/..3..iu...9.e...Z...ZXO8WcS..s.>..fC.{..o..ZP.^9}.....lyYu.".....X\I.M.3J.?Z...,16...J...3(...Bm..Z.l.M1.......Z..;.8.O.8...

          C:\Users\user\ntuser.ini.royal_w

          Download File
          Process:C:\Users\user\Downloads\FxyxmdOyQe\malware.exe
          File Type:data
          Category:dropped
          Size (bytes):560
          Entropy (8bit):7.568160854052978
          Encrypted:false
          SSDEEP:
          MD5:CE34063182613ECA73919399C2829500
          SHA1:9BB5994EECED85D1F62F3BFE9986EAA95245FF53
          SHA-256:906B97D1AC97786C8FD53D51350AB033BCBDF8E61E6892AE1E9323F94CDF49CD
          SHA-512:2DDE1B4D0A551E95D9CB1D8243E7ECE1BF5EE027D5CC5BEEFAF3F108EA5B509674F21B0BA773A5468B988BD5817C85FCFF8D7A728EA530F32A3BB386CEEE3F9E
          Malicious:false
          Reputation:low
          Preview:.<..&....\U.Yp..^.{.H8.2g..0s...M..n.j)O.U=V.....s.....:E..s(}...C`..B-.......?p...?...3...@.~...,.>..U.....M..5.ywNg....1.........F&Yh........U.x........H!..iN.!W..b58&1.z..(.)m..m.z..m........{.j....x.E.'....C..R...........D..Hf~..`].`.I..A....r.L.kv..W..n<n~.1.b.-i.t.u....R..'{G.......$2.L@A...+.'...L.`.ln...1.I..(.".?.F....1k.:u........~F..P...*..N.#zkH.M(@.*....i.......5m$.....;...?..H..w..P.5H.tL..a!(.....)9Hvj..,....j.....b.%..+K.#.j\.mp I..D.Cb.... K..!Y.W...g......`.;......`........._$.B..,.r.T.ji.h..........d.......

          Static File Info

          General

          File type:PE32 executable (GUI) Intel 80386, for MS Windows
          Entropy (8bit):6.828201669853982
          TrID:
          • Win32 Executable (generic) a (10002005/4) 99.96%
          • Generic Win/DOS Executable (2004/3) 0.02%
          • DOS Executable Generic (2002/1) 0.02%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:malware.exe
          File size:2237952
          MD5:7eac8aef6533d6b87e1d0004005430e4
          SHA1:addf21b4bacf3c2e0eb001fb3e2be2d462da87bc
          SHA256:ccc63f897d97e61dcb616f0e28ab43a995b466506e6de3c9c153386f492259ab
          SHA512:35040ff6e30b07a564886f9ad7aa216153f7908b8faa57868f4e98d5cf05d3bf7066dfe1b8d8ecd023191add9a4643aaf016ef26fd98d842a18da40cd7357895
          SSDEEP:24576:P+KpPzIzkQoU6cvTJdCm6pMtGMt0p0LkeoqP5nV6BQ1s2Y/tJGnX+LuiehI6YL2o:Dq9FTZGkvtOqYwrUPJwzjzQsh6b
          TLSH:99A5AE02FF8294B2D9C3167921EB977F4E3959149738D9C3CB9129AEC8211D2963F3D8
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Z..I;..I;..I;..]P..G;..]P...;..]P..[;..]P..^;..I;...;..+C..c;..+C..Z;..+C..Q;...G...9..I;..^;...B..L;...B).H;...B..H;..RichI;.

          Static PE Info

          General

          Entrypoint:0x570b38
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Time Stamp:0x63F543B2 [Tue Feb 21 22:20:34 2023 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:6
          OS Version Minor:0
          File Version Major:6
          File Version Minor:0
          Subsystem Version Major:6
          Subsystem Version Minor:0
          Import Hash:3a45ce41fbc6d362dd2f153d51234462

          Entrypoint Preview

          Instruction
          call 00007F9AC044CDABh
          jmp 00007F9AC044C36Fh
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          push ecx
          lea ecx, dword ptr [esp+04h]
          sub ecx, eax
          sbb eax, eax
          not eax
          and ecx, eax
          mov eax, esp
          and eax, FFFFF000h
          cmp ecx, eax
          jc 00007F9AC044C4FCh
          mov eax, ecx
          pop ecx
          xchg eax, esp
          mov eax, dword ptr [eax]
          mov dword ptr [esp], eax
          ret
          sub eax, 00001000h
          test dword ptr [eax], eax
          jmp 00007F9AC044C4DBh
          push ebp
          mov ebp, esp
          mov eax, dword ptr [ebp+08h]
          push esi
          mov ecx, dword ptr [eax+3Ch]
          add ecx, eax
          movzx eax, word ptr [ecx+14h]
          lea edx, dword ptr [ecx+18h]
          add edx, eax
          movzx eax, word ptr [ecx+06h]
          imul esi, eax, 28h
          add esi, edx
          cmp edx, esi
          je 00007F9AC044C50Bh
          mov ecx, dword ptr [ebp+0Ch]
          cmp ecx, dword ptr [edx+0Ch]
          jc 00007F9AC044C4FCh
          mov eax, dword ptr [edx+08h]
          add eax, dword ptr [edx+0Ch]
          cmp ecx, eax
          jc 00007F9AC044C4FEh
          add edx, 28h
          cmp edx, esi
          jne 00007F9AC044C4DCh
          xor eax, eax
          pop esi
          pop ebp
          ret
          mov eax, edx
          jmp 00007F9AC044C4EBh
          push esi
          call 00007F9AC044D259h
          test eax, eax
          je 00007F9AC044C512h
          mov eax, dword ptr fs:[00000018h]
          mov esi, 00611F7Ch
          mov edx, dword ptr [eax+04h]
          jmp 00007F9AC044C4F6h
          cmp edx, eax
          je 00007F9AC044C502h
          xor eax, eax
          mov ecx, edx
          lock cmpxchg dword ptr [esi], ecx
          test eax, eax
          jne 00007F9AC044C4E2h
          xor al, al
          pop esi
          ret
          mov al, 01h
          pop esi
          ret
          push ebp
          mov ebp, esp
          cmp dword ptr [ebp+08h], 00000000h
          jne 00007F9AC044C4F9h
          mov byte ptr [00611F80h], 00000000h

          Data Directories

          NameVirtual AddressVirtual Size Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IMPORT0x20d0600xf0.rdata
          IMAGE_DIRECTORY_ENTRY_RESOURCE0x2130000x1e0.rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
          IMAGE_DIRECTORY_ENTRY_BASERELOC0x2140000x138a0.reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG0x20bbb80x38.rdata
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x20baf80x40.rdata
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IAT0x1910000x308.rdata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

          Sections

          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
          .text0x10000x18f54f0x18f600False0.5368232834507042data6.851367351208121IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rdata0x1910000x7d0ea0x7d200False0.4288738605144855data5.823717570140382IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .data0x20f0000x3ed40x1e00False0.3111979166666667Matlab v4 mat-file (little endian) \360iE, rows 8, columns 8, imaginary3.486984481293121IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .rsrc0x2130000x1e00x200False0.52734375data4.7113407225994175IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .reloc0x2140000x138a00x13a00False0.5809240644904459data6.6096696172300256IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

          Resources

          NameRVASizeTypeLanguageCountry
          RT_MANIFEST0x2130600x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States

          Imports

          DLLImport
          SHLWAPI.dllStrStrIW
          WS2_32.dllWSAStartup, shutdown, setsockopt, connect, send, recv, WSASetLastError, getservbyname, getservbyport, gethostbyaddr, inet_ntoa, inet_addr, WSAGetLastError, WSACleanup, gethostbyname, select, ntohs, getsockopt, ioctlsocket, bind, WSAIoctl, closesocket, ntohl, WSASocketW, socket, WSAAddressToStringW, htonl, htons
          CRYPT32.dllCertEnumCertificatesInStore, CertOpenStore, CertFindCertificateInStore, CertGetCertificateContextProperty, CertFreeCertificateContext, CertDuplicateCertificateContext, CertCloseStore
          ADVAPI32.dllCryptGetUserKey, CryptReleaseContext, CryptDestroyKey, ReportEventW, RegisterEventSourceW, DeregisterEventSource, CryptEnumProvidersW, CryptSignHashW, CryptDestroyHash, CryptCreateHash, CryptDecrypt, CryptExportKey, CryptSetHashParam, CryptGetProvParam, CryptAcquireContextW
          USER32.dllMessageBoxW, GetUserObjectInformationW, GetProcessWindowStation, wsprintfW
          SHELL32.dllShellExecuteW, CommandLineToArgvW
          IPHLPAPI.DLLGetIpAddrTable
          NETAPI32.dllNetShareEnum, NetApiBufferFree
          RstrtMgr.DLLRmStartSession, RmGetList, RmShutdown, RmEndSession, RmRegisterResources
          bcrypt.dllBCryptGenRandom
          KERNEL32.dllCompareStringW, HeapAlloc, HeapFree, GetModuleFileNameW, SetConsoleCtrlHandler, LCMapStringW, HeapReAlloc, GetConsoleOutputCP, SetStdHandle, GetCurrentDirectoryW, GetFullPathNameW, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetStringTypeW, GetProcessHeap, GetTimeZoneInformation, HeapSize, GetModuleHandleExW, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, PeekNamedPipe, GetFileInformationByHandle, LoadLibraryExW, InitializeCriticalSectionAndSpinCount, EncodePointer, WriteConsoleW, WideCharToMultiByte, RaiseException, RtlUnwind, GetStartupInfoW, IsDebuggerPresent, InitializeSListHead, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetLogicalDrives, FindFirstFileW, EnterCriticalSection, FindNextFileW, WriteFile, LeaveCriticalSection, FindClose, CreateFileW, ExitThread, Sleep, CloseHandle, CreateThread, lstrcmpiW, GetDriveTypeW, GetCommandLineW, GetCurrentProcess, lstrlenW, WaitForMultipleObjects, InitializeCriticalSection, InitializeConditionVariable, CreateMutexW, lstrlenA, WaitForSingleObject, GetLastError, GetProcAddress, DeleteCriticalSection, ExitProcess, CreateProcessW, GetModuleHandleW, DecodePointer, lstrcmpW, CancelIo, GetQueuedCompletionStatus, CreateIoCompletionPort, SleepConditionVariableCS, ReadFile, GetFileSizeEx, WakeAllConditionVariable, GetProcessId, SetEndOfFile, CreateToolhelp32Snapshot, Process32NextW, Process32FirstW, GetNativeSystemInfo, SetFilePointerEx, MoveFileExW, FlushFileBuffers, SetLastError, InitializeSRWLock, ReleaseSRWLockExclusive, ReleaseSRWLockShared, AcquireSRWLockExclusive, AcquireSRWLockShared, GetCurrentThreadId, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemDirectoryA, FreeLibrary, LoadLibraryA, FormatMessageA, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, VirtualFree, GetEnvironmentVariableW, MultiByteToWideChar, GetACP, GetStdHandle, GetFileType, GetConsoleMode, SetConsoleMode, ReadConsoleA, ReadConsoleW

          Possible Origin

          Language of compilation systemCountry where language is spokenMap
          EnglishUnited States